CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

EUVD-2021-22125

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

CVE-2021-35485

CVE-2021-35485 impacts Nokia IMPACT’s Applications component for versions up to 19.11.2.10-20210118042150283. An authenticated user can arbitrarily upload server-side executable files through the /ui/rest-proxy/application fileupload parameter when adding a new application or editing an existing ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005803 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if deviceadd fails If deviceadd returns error, the name...

Sony IP Cameras Cross-Site Request Forgery (CVE-2013-3539)

Cross-site request forgery CSRF vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...

CVE-2025-52563 Chamilo: Reflected XSS via page parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...

CVE-2025-52563 Chamilo: Reflected XSS via page parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...

CVE-2025-52470 Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...

CVE-2025-52470

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...

CVE-2026-24111

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...

CVE-2026-24110

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...

Chamilo 安全漏洞

Chamilo is a learning management system open source by Chamilo. A cross-site scripting vulnerability exists in the Chamilo adduserstosession.php file, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...

PT-2026-22636

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.3 Description NocoDB is software for building databases as spreadsheets. An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. The issue affects versions prior...

Chamilo 跨站脚本漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the category name field in the file sessioncategoryadd.php, which could allow privileged...

CVE-2026-24111

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...

NocoDB SQL注入漏洞

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a SQL injection vulnerability; this vulnerability stemmed from unvalidated unit parameters in the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005541 advisory. In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via uprobes vma xoladdvma maps the uninitialized page allocated by...

PT-2026-22617

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the session category add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent...

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/addtocollection.php due to missi...