1813 matches found
Palo Alto Networks Broker VM 输入验证错误漏洞
Palo Alto Networks Broker VM is a cloud security broker virtual machine component developed by Palo Alto Networks. There is a vulnerability in the input validation of Palo Alto Networks Broker VM, which allows authenticated administrators to inject arbitrary content into certain fields of the...
Easy2Pilot 跨站请求伪造漏洞
Easy2Pilot is a customer and property management platform developed by Easy2Pilot Inc., aimed at real estate agents and property sales professionals. Easy2Pilot has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from permission management issues...
Palo Alto Networks PAN-OS 操作系统命令注入漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in PAN-OS related to command injection. This vulnerability stems from multiple command injections, which may allow authenticated administrators to bypass system...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from a directory traversal...
PT-2026-40564
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...
CubeCart 代码注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from insecure server-side template injections in multiple modules. The application evaluated user input directly through the...
EUVD-2026-29848
Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values...
EUVD-2026-29762
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...
CVE-2026-44403 Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...
CVE-2026-34653
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...
CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-6800 FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...
SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 命令注入漏洞
SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...
Adobe Commerce 路径遍历漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...
PT-2026-40434
Name of the Vulnerable Software and Affected Versions Wing FTP Server version 8.1.2 Description An authenticated remote code execution issue exists in the session serialization mechanism. Authenticated administrators can inject arbitrary Lua code through the domain admin mydirectory field. This...
SAP Forecasting and Replenishment 命令注入漏洞
SAP Forecasting and Replenishment is a demand forecasting and inventory replenishment management system developed by SAP, a German company, for retail and supply chain scenarios. SAP Forecasting and Replenishment has a command injection vulnerability. This vulnerability stems from OS command...