45 matches found
Team folders access control vulnerability
Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...
XWiki Platform security vulnerability
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform such as 1.8-rc-1, 17.0.0-rc-1, and 17.5.0-rc-1 and earlier contain security vulnerabilities. These vulnerabilities stem from resource exhaustion issues with the...
CVE-2026-5178
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The...
XWiki Rendering security vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions 16.10.9 and earlier, 17.0.0-rc-1 through 17.4.2, and...
XWiki Platform input validation error vulnerability
XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. An input validation error vulnerability exists in XWiki Platform versions 17.0.0-rc1 through 17.2.2 and 16.10.5 and earlier, which stems from an unsanitized SQL query and could lead to a SQL...
XWiki 16.10.0-rc-1 < 16.10.4, 17.0.0-rc-1 < 17.1.0 RCE Vulnerability (GHSA-rhfv-688c-p6hp)
XWiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
UBUNTU-CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-12658
A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required t...
IObit Advanced SystemCare Ultimate security vulnerability
IObit Advanced SystemCare Ultimate is a powerful antivirus and system optimization tool from IObit. A security vulnerability exists in IObit Advanced SystemCare Ultimate version 17.0.0 and earlier, which stems from a function 0x8001E000 in the AscRegistryFilter.sys library of the component IOCTL...
PT-2024-17697 · Iobit · Iobit Advanced Systemcare Ultimate +1
Name of the Vulnerable Software and Affected Versions: IObit Advanced SystemCare Ultimate versions up to 17.0.0 Description: A problematic issue has been found, affecting the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null...
IObit Advanced SystemCare Ultimate security vulnerability
IObit Advanced SystemCare Ultimate is a powerful antivirus and system optimization tool from IObit. A security vulnerability exists in IObit Advanced SystemCare Ultimate version 17.0.0 and earlier, which stems from a function 0x8001E004 in the AscRegistryFilter.sys library of the component IOCTL...
PYSEC-2024-161
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
org.keycloak:keycloak-guides (>=17.0.0 <=17.0.1), org.keycloak:keycloak-guides-maven-plugin (>=17.0.0 <=17.0.1) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=17.0.0 <=17.0.1)
org.keycloak:keycloak-quarkus-server MAVEN version =17.0.0, =17.0.0, =17.0.0, =17.0.0, =17.0.0, =17.0.0, =17.0.1 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
PoC exploit for CVE-2023-30253, an authenticated remote command...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
POC exploit for Dolibarr example: python3 exploit.py http...
Kingsoft WPS security vulnerability
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A security vulnerability exists in Kingsoft WPS versions prior to 17.0.0, which stems from the inability to properly clean up filenames before they are interactively processed...
PT-2024-26379 · Kingsoft · Wps Office
Name of the Vulnerable Software and Affected Versions: WPS Office versions prior to 17.0.0 Description: The issue arises from the application's failure to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This...
Evmos security vulnerability
Evmos is a scalable, high-throughput proof-of-stake blockchain. It is designed for full compatibility and interoperability with Ethereum. A security vulnerability exists in Evmos versions prior to 17.0.0, which stems from the fact that transaction execution does not take into account all state...
verify-changed-files Input Verification Error Vulnerability
changed-files is used to track the relative paths returned from the project root for all changed files and directories associated with the target branch, previous commits, or the last remote commit. An input validation error vulnerability exists in versions prior to verify-changed-files 17.0.0,...
F5 Networks BIG-IP : F5 BIG-IP Guided Configuration XSS vulnerability (K21317311)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K21317311 advisory. - On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5...