62 matches found
EUVD-2026-10497
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
CVE-2026-28501
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-29093
WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who...
CVE-2026-28502
WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive...
CVE-2026-29093
CVE-2026-29093 affects WWBN AVideo prior to 24.0, where the official docker-compose.yml exposes memcached on host port 11211 without authentication and the PHP session store uses that memcached instance. An attacker who can reach 0.0.0.0:11211 can read, modify, or flush PHP session data, enabling...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 24.0 contained security vulnerabilities. These vulnerabilities stemmed from the memcached service not enabling authentication, which could lead to session hijacking and...
CVE-2025-31036
Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation. This issue affects WPSolr: from n/a through <= 24.0...
CVE-2025-31036
CVE-2025-31036 is a CSRF-to-Privilege Escalation flaw in the WPSolr WordPress plugin (Enterprise Search and Recommendations on local Docker). The vulnerability affects WPSolr up to version 24.0 and is documented as a CSRF to Privilege Escalation issue. Patch status in the related vulnerability li...
WinZip SEoL (24.0.x)
According to its version, WinZip is 24.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Quick Heal Antivirus Pro and Quick Heal Total Security Security Vulnerability
Quick Heal Antivirus Pro and Quick Heal Total Security are both antivirus software from Quick Heal India. A security vulnerability exists in Quick Heal Antivirus Pro version v24.0 and Quick Heal Total Security version v24.0, which stems from a vulnerability that allows an authenticated attacker t...
AZL-43210 CVE-2024-3651 affecting package python-pip for versions less than 24.0-2
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
PT-2024-2297 · Adobe · Animate
Name of the Vulnerable Software and Affected Versions: Adobe Animate versions 24.0, 23.0.3 and earlier. Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations su...
PT-2024-2290 · Adobe · Animate
Name of the Vulnerable Software and Affected Versions: Adobe Animate versions 24.0, 23.0.3 and earlier. Description: The issue is caused by a buffer overflow in dynamic memory, which could allow an attacker to execute arbitrary code by using a specially crafted file. Exploitation of this issue...
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88661)
Adobe Audition is a set of multi-track editing tools from the American company Adobe. The product provides a comprehensive toolset that includes multi-track, waveform and spectral display for mixing, editing and creating audio content. An out-of-bounds read vulnerability exists in Adob...
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88658)
Adobe Audition is a set of multi-track editing tools from the American company Adobe. The product provides a comprehensive toolset that includes multi-track, waveform and spectral display for mixing, editing and creating audio content. An out-of-bounds read vulnerability exists in Adobe Auditio...
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88659)
Adobe Audition is a set of multi-track editing tools from the American company Adobe. The product provides a comprehensive toolset that includes multi-track, waveform and spectral display for mixing, editing and creating audio content. An out-of-bounds read vulnerability exists in Adob...
CVE-2023-47058
Adobe Premiere Pro version 24.0 and earlier and 23.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the contex...
CVE-2023-47055
Adobe Premiere Pro version 24.0 and earlier and 23.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...