CVE-2026-24872 Pointer arithmetic error in SkyFire_548

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...

CVE-2025-34256

Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...

EUVD-2025-201434

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

Linux Distros Unpatched Vulnerability : CVE-2015-8235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in Spiffy before 5.4. CVE-2015-8235 Note that Nessus relies on the presence of the package as reported by the vendor...

OESA-2024-1910 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: Heap-based buffer overflow...

OESA-2024-1913 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: Heap-based buffer overflow...

CVE-2024-22221

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information...

PT-2024-2797 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4 Description: The issue is related to a lack of protection of the SQL query structure in the Dell Unity Operating Environment, which can be exploited by an authenticated attacker to expose sensitive information...

PT-2024-3208 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4 Description: The issue is related to an OS Command Injection Vulnerability in the svc topstats utility of the Dell Unity Operating Environment. This vulnerability exists due to the lack of measures to neutrali...

SUSE CVE-2013-2110

Heap-based buffer overflow in the phpquotprintencode function in ext/standard/quotprint.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted argument to the quotedprintableenco...

SUSE CVE-2016-6254

Heap-based buffer overflow in the parsepacket function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted network packet...

SUSE CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

CKAN 安全漏洞

CKAN is an open source Dms data management system. Used to power data centers and data portals. A security vulnerability exists in CKAN versions prior to 5.4.1, which stems from the fact that if a user does not set a custom value via an environment variable in the .env file, a key is shared betwe...

UBUNTU-CVE-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...

Unspecified Vulnerability in Mattermost Server (CNVD-2020-36214)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 5.4.0. An attacker could exploit the vulnerability to compromise confidentiality...

Linux kernel denial of service vulnerability (CNVD-2020-32620)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'prbcalcretireblktmo' function in the net/packet/afpacket.c file in versions of Linux kernel prior to 5.4.7. An attacker can...

CVE-2018-16147

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

CVE-2016-4842

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read...

CVE-2016-3448

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors...