44 matches found
CVE-2025-0824
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...
CVE-2026-45677
Summary (CVE-2026-45677): Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 fails to verify the signature on inbound SAML LogoutRequest messages. This allows an unauthenticated remote attacker who knows a target user’s SAML NameID (commonly the user’s ema...
PT-2026-40919
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description An externally-controlled format string in the timeofday...
CyberChef has a Cross-site Scripting issue
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
CVSSv3.1 Rating: Medium CVSSv3.1 Score: 5.9 CVSSv3.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Summary and Impact An issue exists in the the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame...
SUSE CVE-2026-2003
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...
CVE-2025-62799 FastDDS's heap buffer overflow in RTPS DATA_FRAG enables unauthenticated DoS (potential RCE)
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATAFRAG receive path. An un authenticated sender can transmit a single malformed RTPS...
CVE-2025-14472
CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...
CVE-2023-49089
Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0...
PT-2026-1081
Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 Description A flaw exists where a remote attacker, having obtained administrator privileges, could trigger a denial-of-service DoS condition through a NULL pointer dereference. Recommendations...
PT-2026-1042
Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions prior to 8.0 Description A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...
EUVD-2025-205286
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025...
CVE-2025-64467 Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
QNAP QTS Video Station SQLi Vulnerability (QSA-25-32)
QNAP Video Station is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
KLA86476 ACE vulnerability in WinRAR
A remote code execution vulnerability was found in WinRAR. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories WinRAR 7.13 Final released CVE-2025-31334 Exploitation Public exploits exist for this vulnerability. Related products WinRAR CVE list...
Splunk Enterprise 操作系统命令注入漏洞
Splunk Enterprise is a suite of data collection and analytics software from Splunk Corporation in the United States. Splunk Enterprise suffers from an operating system command injection vulnerability that stems from improper input cleanup and could lead to remote command execution. The following...
CVE-2023-21889
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
AZL-59838 CVE-2025-32386 affecting package helm for versions less than 3.15.2-3
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
PT-2025-7717 · Agito Computer · Health4All
Name of the Vulnerable Software and Affected Versions: Agito Computer Health4All versions prior to 10.01.2025 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
Rockwell Automation Power Monitor 1000 安全漏洞
Rockwell Automation Power Monitor 1000 is a power monitor from Rockwell Automation. A security vulnerability exists in Rockwell Automation Power Monitor 1000 versions prior to 4.020, which can be exploited by an attacker to configure a new policyholder user without any authentication through the...