
170 matches found

NVD
added 2026/05/27 9:16 a.m., 7 views

CVE-2025-13392

Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN)...

9.8 CVSS, 0.00063 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/12 12:0 a.m., 3 views

ChurchCRM authorization issue vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions 7.2.0 to 7.2.2 of ChurchCRM have vulnerabilities related to authorization. These vulnerabilities stem from incomplete fixes to the CVE-2026-4058 vulnerability, which may allow attackers to exploit the PoC (Proof of Concept)...

9.6 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/14 3:38 p.m., 3 views

CVE-2026-39815

Fortinet FortiDDoS-F versions 7.2.1–7.2.2 are described as vulnerable to an improper neutralization of special elements used in an SQL command (SQL injection). The issue could allow an attacker to execute unauthorized code or commands via an attack vector. The connected documents do not provide e...

8.8 CVSS, 6 AI score, 0.00033 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/04/14 3:38 p.m., 20 views

CVE-2026-39815

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands via sending crafted HTTP requests...

8.8 CVSS, 0.00033 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/14 12:0 a.m., 3 views

Fortinet FortiDDoS-F security vulnerability

Fortinet FortiDDoS-F is a distributed denial-of-service protection system developed by the American company Fortinet. Versions 7.2.1 to 7.2.2 of Fortinet FortiDDoS-F contain security vulnerabilities. These vulnerabilities stem from improper handling of special elements within SQL commands, which...

8.8 CVSS, 6 AI score, 0.00033 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 1 view

PT-2026-32694

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands via sending crafted HTTP requests...

8.8 CVSS, 6 AI score, 0.00033 EPSS
Exploits: 0, References: 3
EUVD
added 2026/03/10 6:31 p.m., 3 views

EUVD-2026-10521

A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...

7.8 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/03/10 4:44 p.m., 3 views

CVE-2026-24018

A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...

7.8 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/03/10 12:0 a.m., 6 views

PT-2026-24244

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientLinux versions 7.2.2 through 7.2.12; Fortinet FortiClientLinux versions 7.4.0 through 7.4.4. Description: A flaw exists in Fortinet FortiClientLinux that involves a symbolic link (symlink) following issue. This can allow a local...

7.8 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 1, References: 9
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Fortinet FortiClientLinux security vulnerability

Fortinet FortiClientLinux is a security client software developed by the American company Fortinet. There are security vulnerabilities in versions 7.4.0 to 7.4.4 of Fortinet FortiClientLinux, as well as in versions 7.2.2 to 7.2.12 of FortiClientLinux. These vulnerabilities stem from UNIX symbolic...

7.8 CVSS, 7.1 AI score, 0.00021 EPSS
Exploits: 1, References: 2
EUVD
added 2026/02/04 8:48 p.m., 2 views

EUVD-2026-5345

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

5.1 CVSS, 5.3 AI score, 0.00013 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-6307

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 6.3.6; Wagtail versions prior to 7.0.4; Wagtail versions prior to 7.1.3; Wagtail versions prior to 7.2.2; Wagtail versions prior to 7.3. Description: Wagtail, an open source content management system built on Django, contai...

5.1 CVSS, 5.3 AI score, 0.00013 EPSS
Exploits: 0, References: 24
OSV
added 2026/01/16 12:16 a.m., 0 views

CVE-2021-47800

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...

5.3 CVSS, 5.7 AI score
Exploits: 0, References: 5
CVE
added 2026/01/13 4:32 p.m., 8 views

CVE-2025-58693

CVE-2025-58693 affects Fortinet FortiVoice versions 7.2.0–7.2.2 and 7.0.0–7.0.7. The root cause is an improper limitation of a pathname to a restricted directory (path traversal), enabling a privileged attacker to delete files on the underlying filesystem via crafted HTTP/HTTPS requests. Per the ...

6.5 CVSS, 6.3 AI score, 0.00219 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/01/13 12:0 a.m., 2 views

Fortinet FortiVoice path traversal vulnerability

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A path traversal vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from an improperly restricted path traversal and could lead to a...

6.5 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits: 0, References: 2
EUVD
added 2025/12/16 9:31 a.m., 1 view

EUVD-2025-203587

Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stylish Price List: from n/a through <= 7.2.2...

5.4 CVSS, 6.5 AI score, 0.00018 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/12/16 8:12 a.m., 26 views

CVE-2025-66122 WordPress Stylish Price List plugin <= 7.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stylish Price List: from n/a through <= 7.2.2...

5.3 CVSS, 0.00018 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/10 6:13 p.m., 8 views

CVE-2025-60024

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities (CWE-22) vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or...

8.8 CVSS, 7 AI score, 0.00092 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/09 12:0 a.m., 1 view

Fortinet FortiVoice path traversal vulnerability

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A path traversal vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from an improperly restricted path that could result in writing to an...

8.8 CVSS, 6.8 AI score, 0.00092 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/12/04 2:16 p.m., 17 views

CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

9.6 CVSS, 0.00062 EPSS
Exploits: 0, References: 1