
1384 matches found

CVE
added 5 days ago, 12 views

CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

CVSS 7.1 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 4

CNNVD
added 5 days ago, 4 views

Open STA Manager path traversal vulnerability

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

CVSS 7.1 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 4

The Hacker News
added 2026/05/23 7:35 a.m., 17 views

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...

CVSS 10 | AI score 6.1 | EPSS 0.07956
Exploits: 1

Positive Technologies
added 2026/05/21 12:0 a.m., 5 views

PT-2026-42570

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Cross-Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/event/duplicate' endpoint. CSRF is a flaw that allows an attacker to trick a victim into performing actions they d...

CVSS 2.3 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in advancecomp

Advancecomp v2.3 was discovered to contain a segmentation fault...

CVSS 5.5 | AI score 7.2 | EPSS 0.00144
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in advancecomp

Advancecomp v2.3 was discovered to contain a heap buffer overflow...

CVSS 5.5 | AI score 7.6 | EPSS 0.00099
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow issue due to the __interceptor_memcpy component at /sanitizer_common/sanitizer_common_interceptors.inc...

CVSS 5.5 | AI score 6.2 | EPSS 0.00122
Exploits: 1 | References: 1

EUVD
added 2026/04/30 9:28 p.m., 1 views

EUVD-2025-209603

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVSS 5.3 | AI score 5.2 | EPSS 0.00056
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/26 1:30 p.m., 2 views

CVE-2026-7044 GreenCMS index.php themeadd unrestricted upload

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

CVSS 6.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 4

Cvelist
added 2026/04/26 1:15 p.m., 31 views

CVE-2026-7043 GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 6.5 | EPSS 0.00043
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/04/10 6:1 a.m., 7 views

Security Bulletin: runc File Descriptor Leak Leads to Container Escape Vulnerability (Fixed in 1.1.12), affects watsonx.data

Summary: runc ≤ 1.1.11 contains a file descriptor leak vulnerability that can allow container processes to access the host filesystem, leading to potential container escape and host compromise. Fixed in version 1.1.12. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-21626...

CVSS 8.6 | AI score 6.9 | EPSS 0.05076
Exploits: 18 | Affected Software: 1

CNNVD
added 2026/04/10 12:0 a.m., 2 views

WordPress plugin AddFunc Head & Footer Code cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.7 | EPSS 0.00055
Exploits: 0 | References: 8

UbuntuCve
added 2026/04/10 12:0 a.m., 0 views

CVE-2026-33457

Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...

CVSS 6.3 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/04/08 10:45 a.m., 3 views

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary: The MCP Python SDK (mcp) prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

CVSS 8.1 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

CVE
added 2026/04/07 12:9 p.m., 2 views

CVE-2025-39666

CVE-2025-39666 affects Checkmk in multiple versions: 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 beta before 2.5.0b3. A site user can escalate to root by manipulating files in the site context that are processed when the omd command is run by root. This yields a local pri...

CVSS 9.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/07 10:59 a.m., 3 views

Security Bulletin: Memory Exhaustion via Excessive Cookies in HTTP Servers, affects watsonx.data

Summary: HTTP servers may be vulnerable to memory exhaustion because, while HTTP headers have a 1MB limit, there is no limit on the number of cookies parsed. An attacker can send many small cookies (e.g., a=;) to trigger excessive memory allocation, potentially leading to high memory usage or...

CVSS 5.3 | AI score 7.1 | EPSS 0.00043
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2026/04/04 1:51 p.m., 2 views

CVE-2016-20061 sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...

CVSS 8.5 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4

GithubExploit
added 2026/03/25 8:0 p.m., 156 views

Exploit for Race Condition in Openbsd Openssh

CVE-2018-15473 — SSH Username Enumeration Tool A Python 3 r...

CVSS 5.9 | AI score 6.8 | EPSS 0.90356
Exploits: 23

NVD
added 2026/03/21 1:16 p.m., 1 views

CVE-2019-25550

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

CVSS 6.9 | EPSS 0.00019
Exploits: 1 | References: 3

CVE
added 2026/03/21 12:46 p.m., 2 views

CVE-2019-25550

Encrypt PDF 2.3 has a local-denial-of-service vulnerability caused by a buffer overflow in password fields. An attacker can crash the application by pasting a ~1000-byte buffer into either the User Password or Master Password field in the Settings dialog during PDF import. The CVSS metrics indica...

CVSS 6.9 | AI score 6.1 | EPSS 0.00019
Exploits: 1 | References: 3 | Affected Software: 1