13 matches found
CVE-2025-63248
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...
EUVD-2025-37898
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...
CVE-2025-63248
DWSurvey 6.14.0 is affected by an Incorrect Access Control issue in the questionnaire deletion flow. Replacing the targeted questionnaire ID with another ID can enable deletion of additional questionnaires, revealing a path to unauthorized modification of data. Affected product: DWSurvey 6.14.0. ...
CVE-2025-21949
CVE-2025-21949: LoongArch Linux kernel vulnerability in hugetlb mmap base address alignment. The issue occurred when the base address allocated from hugetlbfs was not aligned to the PMD size, triggering a kernel BUG in mm/hugetlb.c. A patch was added to check hugetlbfs mappings and align the mmap...
PT-2025-18442
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0+. Description: The issue is related to an out-of-bounds shift when invalidating TLB in the Linux kernel. This occurs when the size of the range invalidated is larger than rounddown_pow_of_two(ULONG_MAX), causi...
PT-2025-20491
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc4-g5394eea10651. Description: A vulnerability in the Linux kernel has been resolved, specifically in the mtd: rawnand: brcmnand module. The issue caused a warning on PM resume due to an uninitialized struc...
Greenplum Database Path Traversal Vulnerability
Greenplum Database is an advanced, full-featured open source data warehouse based on PostgreSQL. It is used to analyze massively parallel PostgreSQL. A security vulnerability exists in Greenplum Database versions prior to 5.28.6 and 6.14.0, which stems from a lack of restriction and filtering o...
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...
Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2020-52943)
Atlassian Confluence Server is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build an enterprise wiki. A cross-site scripting vulnerability exists in the Attachment Upload feature in Atlassian Confluence Server...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...
CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and/or blogs, or to create a new space or a personal space, or who has 'Admin' permissions for a space can exploit this pat...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...