20 matches found
EUVD-2026-30110
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
PT-2026-33978
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php
AVideo is video-sharing platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...
CVE-2025-5317 Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...
CVE-2021-37162
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote co...
Unraid Security Vulnerability
Unraid is a suite of operating systems from Unraid, Inc. intended primarily for personal and small business use. A security vulnerability exists in Unraid versions prior to 7.0.1 that originates from a remote user being able to access the Unraid WebGUI and web console as root without authenticati...
WordPress Plugin Vertical marquee SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
SUSE CVE-2020-27757
A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by...
PT-2023-13793 · WordPress · Wp User
Name of the Vulnerable Software and Affected Versions: WP User WordPress plugin versions prior to 7.0. Description: The issue is related to a SQL injection that can be exploited by unauthenticated users due to improper sanitization and escaping of a parameter in a SQL statement. Recommendations: F...
CVE-2022-2965
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7...
CVE-2022-2734
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1...
CVE-2022-28616
A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23706
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...
UBUNTU-CVE-2018-11802
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all...
CVE-2019-11985
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11957
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-5369
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-5353
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2017-2187
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...