FluentCMS 安全漏洞

FluentCMS is a content management system from FluentCMS open source. A security vulnerability exists in FluentCMS version 1.2.3, which stems from improper input cleanup in the head portion of the Add Page feature, which could lead to a remote attacker injecting arbitrary script tags...

PT-2025-53591

Name of the Vulnerable Software and Affected Versions FluentCMS version 1.2.3 Description The application does not properly sanitize input in the section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigatin...

CVE-2025-67349

CVE-2025-67349 : FluentCMS 1.2.3 is affected by a cross-site scripting (XSS) vulnerability in the Add Page workflow. After admin login, input entered in the head section is not properly sanitized, allowing an attacker to inject arbitrary script tags. Descriptions across multiple sources confirm t...

Linux Distros Unpatched Vulnerability : CVE-2023-54017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in ibmebusbusinit, name of kobject which is allocated in devsetname...

CVE-2022-50711

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible memory leak in mtkprobe If mtkwedaddhw has been called, mtkwedexit needs be called in error path or removing module to free the memory allocated in mtkwedaddhw...

CVE-2023-54002

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion of exclop condition when starting balance Balance as exclusive state is compatible with paused balance and device add, which makes some things more complicated. The assertion of valid states when starting fro...

SUSE CVE-2022-50769

In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

SUSE CVE-2023-54002

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion of exclop condition when starting balance Balance as exclusive state is compatible with paused balance and device add, which makes some things more complicated. The assertion of valid states when starting fro...

SUSE CVE-2023-54017

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in ibmebusbusinit, name of kobject which is allocated in devsetname called in deviceadd is leaked. As comment of deviceadd says, it shoul...

SUSE CVE-2023-54087

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following case: uifinit ubiaddvolume cdevadd - if it fails, call killvolumes deviceregister killvolumes - if ubiaddvolume fails call this...

Linux Distros Unpatched Vulnerability : CVE-2022-50769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: mxcmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be...

Linux Distros Unpatched Vulnerability : CVE-2023-54117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - s390/dcssblk: fix kernel crash with listadd corruption Commit fb08a1908cb1 dax: simplify the daxdevice gendisk association introduced new logic for gendisk...

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2019-25247

The CVE-2019-25247 entry applies to the Beward N100 H.264 VGA IP Camera (M2.1.6). The vulnerability is a cross-site request forgery (CSRF) that lets an attacker trigger administrative actions by deceiving a logged-in user with a malicious page (hidden form to add an admin). Root cause: lack of pr...

CVE-2019-25242

The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...

CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...