17 matches found
Astra Linux - vulnerability in libreoffice
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
Zoom Workplace Security Vulnerability
Zoom Workplace is a desktop application developed by the American company Zoom. Versions of Zoom Workplace prior to 7.0.0 contained a security vulnerability. This vulnerability stemmed from a failure in the protection mechanisms, which could allow authenticated users to access sensitive informati...
CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2025-67544
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS. This issue affects Shopkeeper Extender: from n/a through 7.0...
LGSL Cross-Site Scripting Vulnerability
LGSL (Live Game Server List) is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL versions prior to 7.0.0, which stems from vulnerability to cross-site scripting attacks...
SUSE CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c...
UBUNTU-CVE-2023-21885
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2022-32559
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics...
Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display...
GHSA-CVRJ-CW2F-25QW Liferay Portal Vulnerable to XSS via an Invalid portletId
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId...
PT-2021-3853 · Fortinet · Fortimail
Name of the Vulnerable Software and Affected Versions: FortiMail versions prior to 7.0.0 Description: The issue is related to missing cryptographic steps in the Identity-Based Encryption service of FortiMail, which may allow an attacker to compromise the confidentiality of encrypted master keys b...
php: Out-of-bounds read in phar_parse_pharfile
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c...
Liferay Portal CE Cross-Site Scripting Vulnerability (CNVD-2017-20980)
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network and so on. A cross-site scripting vulnerability exists ...
CVE-2017-2150
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter...
CVE-2016-5433
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors...
PHP Double Release Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...