14 matches found
CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
CVE-2026-44069
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...
CVE-2026-39386
Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...
PT-2026-29856
Name of the Vulnerable Software and Affected Versions Rack versions 3.0.0.beta1 through 3.1.21 and versions 3.2.0 through 3.2.6 Description Rack’s Rack::Multipart::Parserhandle mime head function parses quoted multipart parameters using repeated Stringindex searches and Stringslice! operations...
CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...
CVE-2021-22866
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...
CVE-2025-2180
The CVE-2025-2180 entry describes an unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma Cloud. Affected product: Checkov (in Prisma Cloud) versions prior to 3.2.415. Vulnerable component: the deserialization process when scanning Terraform files. Root cause: unsafe deser...
PT-2024-33466 · Unknown · Photo Gallery Builder
Name of the Vulnerable Software and Affected Versions: Photo Gallery Builder versions 3.0 and earlier Description: The issue is related to a broken access control for subscribers in Photo Gallery Builder. This allows unauthorized access, potentially leading to data breaches or other security...
PT-2024-22002 · Unknown · Eskooly Free Online School Management
Name of the Vulnerable Software and Affected Versions: Eskooly Free Online School management Software versions 3.0 and earlier Description: An issue in the authentication mechanism allows a remote attacker to escalate privileges. Recommendations: For versions 3.0 and earlier, update to a version...
PT-2023-3095 · Abb · Aspect-Enterprise Asp-Ent-X +19
Name of the Vulnerable Software and Affected Versions: ASPECT®-Enterprise versions 3.0;0 through 3.07.0 NEXUS Series versions 3.0;0 through 3.07.0 MATRIX Series versions 3.0;0 through 3.07.1 Description: The issue is related to improper input validation, which allows command injection. This can...
alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +220 more potentially affected by CVE-2021-44420 via django (>=3.0.0 <=3.1.13)
django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-44420 Source advisory: OSV:GHSA-V6RH-HP5X-86RV...
PT-2021-16921 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.24 Description: An issue was discovered where extracting a specifically crafted zip package could write files outside of the intended path. Recommendations: For Joomla! versions 3.0.0 through 3.9.24, update ...
IBM Security Key Lifecycle Manager Weak Password Policy Vulnerability
IBM Security Key Lifecycle Manager Tivoli Key Lifecycle Manager is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A weak password policy vulnerability exists in IBM...
as.leap:vertx-rpc (>=3.0.0 <=3.3.8), be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8) +1062 more potentially affected by CVE-2018-12537 via io.vertx:vertx-core (>=3.0.0 <=3.5.1)
io.vertx:vertx-core MAVEN version =3.0.0, =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12537 Source advisory: OSV:GHSA-6CW8-7J6C-HCCP...