27 matches found
CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
CVE-2026-30689
The getinfobytoken API interface in blog.admin v.8.0 and earlier contains an improper access control flaw that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...
CVE-2025-45379
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with a known password can perform command injection from the console to gain shell access to the system...
OpenEXR has an unspecified vulnerability (CNVD-2025-24792)
OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause an out-of-bounds write...
EUVD-2025-28249
Malicious code in bioql PyPI...
CVE-2025-59713
Snipe-IT before 8.1.18 allows unsafe deserialization...
CVE-2024-9342
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in...
Siemens SINAMICS PERFECT HARMONY GH180 Access Control Error Vulnerability
The Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter from Siemens Germany. An access control error vulnerability exists in the Siemens SINAMICS PERFECT HARMONY GH180 versions prior to V8.0 through V8.3.3, which stems from improper access control of the maintenance connection a...
CVE-2024-29177
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...
HP ThinPro Security Vulnerability
HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard HP in the United States. A security vulnerability exists in HP ThinPro versions prior to 8.0 SP 8. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's...
WordPress Plugin Wp photo text slider SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
CVE-2023-2046
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8...
CVE-2023-2046
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8...
CVE-2023-3074
Cross-site Scripting XSS - Stored in GitHub repository tsolucio/corebos prior to 8...
CVE-2023-3071
Cross-site Scripting XSS - Stored in GitHub repository tsolucio/corebos prior to 8...
PT-2023-22888 · Tsolucio · Tsolucio/Corebos
Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue concerns an unverified password change in the GitHub repository tsolucio/corebos. Recommendations: For versions prior to 8, update to version 8 or later to resolve the issue...
PT-2023-22943 · Unknown · Tsolucio/Corebos
Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue is related to Cross-site Scripting XSS - Stored. This is a type of security vulnerability that occurs when an application stores user input data without proper validation, allowing a...
CVE-2023-27512
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to log in to the affected product with administrative privileges and perform an unintended operation...
Talend Data Catalog Code Issue Vulnerability
Talend Data Catalog is a tool that combines data cataloging and metadata management from Talend. It is used to connect data from platforms, databases, and analytic tools to generate a holistic view of the information supply chain in a language everyone can understand. A security vulnerability...
AZL-8459 CVE-2022-0408 affecting package vim for versions less than 8.2.4743-1
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...