Lucene search

98 matches found

CNNVD
added 2026/03/29 12:0 a.m. · 3 views

Ghidra Software Reverse Engineering Framework security vulnerability

Ghidra Software Reverse Engineering Framework is an open-source software reverse engineering framework developed by the National Security Agency. Versions of the Ghidra Software Reverse Engineering Framework prior to 12.0.3 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.8 · AI score 5.9 · EPSS 0.00051
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/29 3:18 p.m. · 9 views

CVE-2026-1056

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVSS 9.8 · AI score 6.5 · EPSS 0.0035
Exploits: 1 · References: 1

CVE
added 2026/01/28 12:28 p.m. · 11 views

CVE-2026-1056

Summary: CVE-2026-1056 affects the Snow Monkey Forms WordPress plugin. The vulnerability is caused by insufficient file path validation in the PHP function that generates a user directory path, specifically in Directory::generate_user_dirpath, which concatenates an unvalidated form_id onto a toke...

CVSS 9.8 · AI score 6.5 · EPSS 0.0035
Exploits: 1 · References: 5

ATTACKERKB
added 2026/01/28 12:28 p.m. · 7 views

CVE-2026-1056

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVSS 9.8 · AI score 6.5 · EPSS 0.0035
Exploits: 1 · References: 6

Patchstack
added 2026/01/28 6:22 a.m. · 8 views

WordPress Snow Monkey Forms plugin <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Snow Monkey Forms versions <= 12.0.3...

CVSS 9.8 · AI score 5.9 · EPSS 0.0035
Exploits: 1 · References: 1 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-4577

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.00085
Exploits: 0 · References: 3

Tenable Nessus
added 2025/09/18 12:0 a.m. · 2 views

Fedora 43 : forgejo (2025-5fc3f360cf)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5fc3f360cf advisory. This is an upstream security and bugfix release. Please refer to the upstream release notes for versions 12.0.2 and 12.0.3 for details about changes. Tenable...

AI score 5.6
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/03 5:0 p.m. · 10 views

CVE-2025-3169 Projeqtor saveAttachment.php unrestricted upload

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The...

CVSS 5 · AI score 7 · EPSS 0.00131
Exploits: 0 · References: 5

CVE
added 2025/04/03 5:0 p.m. · 43 views

CVE-2025-3169

CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...

CVSS 5 · AI score 7 · EPSS 0.00131
Exploits: 0 · References: 5

Positive Technologies
added 2024/12/18 12:0 a.m. · 1 views

PT-2024-29553 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue concerns an HTML injection vulnerability. A remote attacker could inject malicious HTML code, which when viewed,...

CVSS 6.1 · AI score 9.6 · EPSS 0.00082
Exploits: 0 · References: 5

Positive Technologies
added 2024/09/22 12:0 a.m. · 3 views

PT-2024-28991 · Ibm · Ibm Cognos Analytics +1

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 IBM Cognos Analytics Reports for iOS version 11.0.0.7 Description: A local attacker could obtain sensitive information in the form of an A...

CVSS 5.5 · AI score 6 · EPSS 0.00031
Exploits: 0 · References: 8

Packet Storm
added 2023/10/27 12:0 a.m. · 346 views

SugarCRM 13.0.1 Shell Upload

------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...

AI score 7.1
Exploits: 0

OSV
added 2023/06/17 10:15 p.m. · 0 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 3

CNNVD
added 2023/06/17 12:0 a.m. · 1 views

SugarCRM Enterprise SQL injection vulnerability

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

CVSS 8.8 · AI score 8.3 · EPSS 0.00292
Exploits: 2 · References: 4

OpenVAS
added 2023/05/29 12:0 a.m. · 16 views

Debian: Security Advisory (DLA-3434-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8 · EPSS 0.00034
Exploits: 0 · References: 4

Prion
added 2023/02/17 10:15 p.m. · 15 views

Cross site scripting

Adobe Bridge versions 12.0.3 and earlier and 13.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 4.4 · AI score 7.8 · EPSS 0.00097
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/02/17 12:0 a.m. · 14 views

CVE-2023-21583 Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Bridge versions 12.0.3 and earlier and 13.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 5.5 · AI score 5.8 · EPSS 0.00174
Exploits: 0 · References: 1

CVE
added 2023/02/17 12:0 a.m. · 57 views

CVE-2023-22228

Adobe Bridge is affected by CVE-2023-22228: an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user. Affected versions are 12.0.3 (and earlier) and 13.0.1 (and earlier). Exploitation requires user interaction, specifically the victim...

CVSS 7.8 · AI score 7.7 · EPSS 0.00061
Exploits: 0 · References: 1 · Affected Software: 1

SUSE CVE
added 2023/02/15 4:33 a.m. · 1 views

SUSE CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

CVSS 5.3 · AI score 5.3 · EPSS 0.00265
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:16 a.m. · 0 views

SUSE CVE-2019-6233

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8 · AI score 8 · EPSS 0.00614
Exploits: 0 · References: 7