23 matches found
CrushFTP < 10.8.5 / 11.x < 11.3.4_23 Race Condition
CrushFTP versions prior to 10.8.5 and 11.x versions prior to 11.3.4_23 are vulnerable to a race condition that could allow an unauthenticated remote attacker to access unauthorized endpoints through a specially crafted request. This issue is due to improper handling of concurrent requests. An...
CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild
On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.4_23 across all platforms. According to the public-facing vendor advisory, this...
CVE-2025-36632
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege...
PT-2024-25682 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 8.18.5 through 8.18.13 Umbraco versions 10.5.0 through 10.8.5 Umbraco versions 12.0.0 through 12.3.9 Umbraco versions 13.0.0 through 13.3.0 Description: Umbraco is an ASP.NET CMS used by more than 730,000 websites. It has an...
Observation of Response Discrepancy to Enumerate Users
Overview Umbraco.Cms.Infrastructure is an infrastructure assembly needed to run Umbraco CMS. Affected versions of this package are vulnerable to Observation of Response Discrepancy to Enumerate Users due to the handling of the native login screen. An attacker with access to the native login scree...
CVE-2022-33311
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors...
CVE-2022-33151
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2022-30693
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors...
CVE-2022-32544
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors...
CVE-2022-30604
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-32583
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors...
CVE-2022-32453
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors...
PT-2022-21359 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: The issue allows a remote authenticated attacker to bypass operation restrictions and alter data in Project via unspecified vectors. Recommendations: For versions 10.0.0 through 10.8.5...
PT-2022-21713 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: The issue allows remote attackers to inject an arbitrary script via unspecified vectors, exploiting a cross-site scripting vulnerability in specific parameters. Recommendations: For...
PT-2022-21763 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: A browse restriction bypass issue in the Address Book of Cybozu Office allows a remote authenticated attacker to obtain Address Book data via unspecified vectors. Recommendations: For...
GitLab <= 10.7.6, 10.8.x - 10.8.5, 11.x - 11.0.3 Path Traversal Vulnerability
GitLab is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if(description)...
UBUNTU-CVE-2018-12606
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature...
Apple Mac OS X Multiple Vulnerabilities -08 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2014-1260
QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document...
Mac OS X 10.8 < 10.8.5 Supplemental Update
The remote host is running a version of Mac OS X 10.8 that is missing the OS X v10.8.5 Supplemental Update. This update fixes a logic issue in verification of authentication credentials by Directory Services, which could otherwise allow a local attacker to bypass password validation. TRUSTED...