19 matches found
CVE-2026-27508
CVE-2026-27508 affects Smoothwall Express versions prior to 3.1 Update 13. The issue is a reflected XSS in the /redirect.cgi endpoint caused by improper sanitization of the url parameter. Attackers can craft URLs containing javascript: schemes that execute arbitrary JavaScript in a victim’s browser...
CVE-2026-24390
CVE-2026-24390 describes a Local File Inclusion in the WordPress plugin Kentha Elementor Widgets caused by improper filename control in PHP include/require. Affected: Kentha Elementor Widgets versions = 3.1.0. Technical details in connected docs confirm the vulnerabilit...
MLflow Code Issue Vulnerability
MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A code issue vulnerability exists in MLflow versions prior to 3.1.0 that stems from a missing...
GRAU DATA Blocky Security Vulnerability
GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1 that stems from storing passwords in an encrypted manner, allowing an attacker to steal a user's Blocky password and impersonate a local user...
SUSE CVE-2011-1833
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid...
ZKTeco ZKBio Time Cross-Site Scripting Vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time prior to version 3.1-164, which originates from a vulnerability that allows users to embed malicious code in the Web UI...
CVE-2022-32258
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...
CVE-2022-32256
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information...
CVE-2022-27221
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An attacker in a machine-in-the-middle position could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown strin...
CVE-2022-32255
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information...
DELL Dell Wyse Management Suite Cross-Site Scripting Vulnerability
Wyse Management Suite is a next-generation management solution that enables you to centrally configure, monitor, manage and optimize Wyse thin clients. A stored cross-site scripting vulnerability exists in versions prior to Wyse Management Suite 3.1. An attacker could exploit this vulnerability t...
Dell Command Update Arbitrary File Deletion Vulnerability
Dell Command Update is part of the Dell Client Command Suite and can be used to get all the latest driver, firmware and BIOS updates for Latitude, Optiplex and Precision systems. An arbitrary file deletion vulnerability exists in Dell Command Update versions prior to 3.1, which can be exploited b...
CVE-2018-12090
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...
Siemens TeleControl Server Basic Authentication Bypass Vulnerability
Siemens TeleControl Server Basic is a remote control system for Siemens equipment from Siemens, Germany. A security vulnerability exists in Siemens TeleControl Server Basic versions prior to 3.1. An attacker could use this vulnerability to bypass the identity access mechanism and read restricted...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
PT-2017-5755 · Joomla · Googlemaps Plugin
Name of the Vulnerable Software and Affected Versions: Googlemaps plugin versions prior to 3.1 for Joomla! Description: The issue is related to a cross-site scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading t...
PT-2017-3250 · Gnu +1 · Libffi +1
Name of the Vulnerable Software and Affected Versions: libffi versions prior to 3.1 Description: The issue is caused by libffi requesting an executable stack, allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. This is due to a buffer overflow operation in...
PT-2013-1519 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager (RHEV-M) versions prior to 3.1 Description: The issue concerns the use of the -k curl parameter by the vds installer when adding a host, which prevents SSL certificates from being validated. This allows...
kernel: net: improve sequence number generation
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting...