30 matches found
CVE-2026-48266
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
Advisory ROSA-SA-2026-3182
Software: sqlite 3.26.0 OS: ROSA Virtualization 3.0 unaffected versions = sqlite-3.26.0-20.rv30 affected versions sqlite-3.26.0-20.rv30 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...
CVE-2026-21339
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...
CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-64464 Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...
SUSE CVE-2017-3468
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
PT-2025-5515 · Kiboko · Kiboko Labs Chained Quiz
Name of the Vulnerable Software and Affected Versions: Kiboko Labs Chained Quiz versions 1.3.2.9 and earlier Description: A Server-Side Request Forgery SSRF issue allows for server-side request forgery. This issue may potentially be exploited to access internal resources or conduct further attack...
PT-2024-34844 · Doofinder · Doofinder
Name of the Vulnerable Software and Affected Versions: Doofinder versions 0.5.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS or Reflected XSS. This type of issue allows an attacker to inject...
Gambio Log Information Disclosure Vulnerability
Gambio is an all-in-one e-commerce solution from Gambio, Inc. A log information disclosure vulnerability exists in Gambio 4.9.2.0 and earlier versions, which originates from a vulnerability that allows attackers to obtain sensitive information via error-handler.log.json and...
CVE-2024-21780
Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service DoS condition. Note that the affected products are no longer supported...
PT-2023-15085 · Unknown · Kaizencoders Short Url
Name of the Vulnerable Software and Affected Versions: KaizenCoders Short URL versions 1.6.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
SUSE CVE-2021-35622
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2023-24630 · Unknown · Shopconstruct
Name of the Vulnerable Software and Affected Versions: ShopConstruct plugin versions 1.1.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects the ShopConstruct plugin...
PT-2023-16743 · WordPress · Wp Plugin Manager
Name of the Vulnerable Software and Affected Versions: WP Plugin Manager versions prior to 1.1.8 Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
SUSE CVE-2022-21526
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Fuji Electric Monitouch V-SFT和TELLUS 缓冲区错误漏洞
Fuji Electric Monitouch V-SFT and Fuji Electric TELLUS are both products of Fuji Electric Japan.Fuji Electric Monitouch V-SFT is a screen configuration software.Fuji Electric TELLUS is an advanced features, user-friendliness, and specialized software for remote control. A security vulnerability...
CVE-2021-20051
SonicWall Global VPN Client 4.10.7.1117 installer 32-bit and 64-bit and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system...
PT-2021-4773 · Adobe · Character Animator
Name of the Vulnerable Software and Affected Versions: Adobe Character Animator versions 4.4 and earlier Description: The issue is related to a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User...
UBUNTU-CVE-2021-35621
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
PT-2021-21037 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.26 and prior Description: The issue allows a high privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in unauthorized update, insert, or delete...