DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

CVE-2024-47268

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

EUVD-2024-55596

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

CVE-2024-47267

Synology Surveillance Station: Path traversal vulnerability in the Archiving Pull function allows remote authenticated administrators to write limited files in restricted paths. Affected: Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575. Root cause: improper limitation of a pathname to a ...

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

PT-2026-43580

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description The Export Key functionality contains a flaw that allows the cleartext transmission of sensitive information. Th...

EUVD-2026-15419

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

CVE-2026-23514

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

CVE-2026-23514

Kiteworks Core vulnerability CVE-2026-23514 affects versions 9.2.0 and 9.2.1, where an access control flaw lets authenticated users access content they should not. This results in high impact on confidentiality, integrity, and availability (CVSS v3.1: 8.8; NETWORK, LOW exploitability, no user int...

PT-2026-27781

Name of the Vulnerable Software and Affected Versions Kiteworks versions 9.2.0 through 9.2.1 Description Kiteworks Core has an access control issue that permits authenticated users to access content they are not authorized to view. The software is a private data network PDN. Recommendations Upgra...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the comment block modification process. An attacker can alter comments created by other users by leveraging editor permissions without proper authorization checks. Remediation Upgrade...

@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27729 via @astrojs/node (>=9.2.2 <=9.5.2)

@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27729 Source advisory: OSV:GHSA-JM64-8M5Q-4QH8...

@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27829 via @astrojs/node (>=9.2.2 <=9.5.2)

@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27829 Source advisory: OSV:GHSA-CJ9F-H6R6-4CX2...

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization in the sharing endpoint. An attacker can escalate privileges by sending a crafted HTTP request to change a...

choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2025-61925 via @astrojs/node (>=9.2.2 <=9.3.0)

@astrojs/node NPM version =9.2.2, =0.3.1, =0.4.0 Source cves: CVE-2025-61925 Source advisory: SNYK:JS-ASTROJSNODE-13535086...

EUVD-2019-8794

Malware in sbrugna...

EUVD-2016-5630

Malware in sbrugna...