17 matches found
CVE-2026-26378
Affects Koha 25.11 and earlier. Cross-Site Scripting via the file upload function in Invoice features allows a remote attacker to execute arbitrary code. Root cause details are not provided beyond this description. No remediation or patch version is stated in the available documents.
CVE-2025-26378
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests...
CVE-2025-26378
creationtimestamp| type| source ---|---|--- 2025-02-12 14:48:42+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113991465046191646 2025-02-12 15:09:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lhyhdyrtcl24 2025-02-12 15:37:02+00:00| seen|...
CVE-2025-26378
CVE-2025-26378 describes a CWE-862 Missing Authorization in Q-Free MaxTime
CVE-2025-26378
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests...
CVE-2023-26378
Adobe Dimension 3.4.8 (and earlier) is affected by an out-of-bounds read in USD file parsing that can disclose memory and bypass ASLR. Exploitation requires the victim to open a malicious file. The issue is confirmed across multiple sources (NVD/NCSC/ZDI) and a fix was released to 3.4.9 via APSB2...
Adobe Dimension < 3.4.9 Multiple Vulnerabilities (APSB23-27)
The version of Adobe Dimension installed on the remote Windows host is prior to 3.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-27 advisory. - Adobe Dimension version 3.4.8 and earlier is affected by an out-of-bounds write vulnerability that could result ...
Adobe Dimension < 3.4.9 Multiple Vulnerabilities (APSB23-27) (macOS)
The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-27 advisory. - Adobe Dimension version 3.4.8 and earlier is affected by an out-of-bounds write vulnerability that could result in...
SUSE: Security Advisory (SUSE-SU-2022:1923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:1840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:1751-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-26378
creationtimestamp| type| source ---|---|--- 2022-05-11 20:34:32+00:00| seen| https://t.me/cibsecurity/42386...
CVE-2021-26378
Insufficient bound checks in the System Management Unit SMU may result in access to an invalid address space that could result in denial of service...
CVE-2021-26378
CVE-2021-26378 is an SMU (System Management Unit) bound-check issue that can cause denial of service by exposing invalid address space. The descriptor in the initial document states only a bound-check deficiency in the SMU leading to DoS, with CVSS v3.1 base score 5.5 (Local, Low privileges requi...
AMD Server Vulnerabilities - May 2022
Bulletin ID: AMD-SB-1028 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...
CVE-2020-26378
CVE-2020-26378 is rejected/not used; this CVE ID does not represent an active vulnerability entry.
CVE-2020-26378
...