2727 matches found
CVE-2025-13491
CVE-2025-13491 affects IBM App Connect Enterprise Certified Container. Affected: CD up to 12.19.0 and 12.0 LTS. Root cause: untrusted search path that could allow an attacker to access sensitive files or modify configurations; impact described as confidentiality/integrity concerns with low severi...
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
VulnCheck KEV: CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
NETGATE Amiti Antivirus 代码问题漏洞
NETGATE Amiti Antivirus is a antivirus software developed by the Slovak company NETGATE. Version 25.0.640 of NETGATE Amiti Antivirus has a code vulnerability. This vulnerability stems from service paths in Windows service configurations that are not properly quoted, which may allow attackers to...
PT-2026-5803
Name of the Vulnerable Software and Affected Versions Amiti Antivirus version 25.0.640 Description Amiti Antivirus contains an unquoted service path vulnerability in its Windows service configurations. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges...
CVE-2025-36194
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...
CVE-2025-6593
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-36194
Summary: CVE-2025-36194 affects IBM PowerVM Hypervisor. The hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Affected versions: PowerVM Hypervisor FW1110.00–FW1110.03, FW1060.00–FW1060.51, and FW950.00–FW950....
CVE-2025-36194 This Power System update is being released to address
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...
CVE-2025-36194 This Power System update is being released to address
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...
Innomic VibroLine Series 访问控制错误漏洞
The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has a security access control vulnerability; this vulnerability arises from unverified neighboring attackers who may switch between multip...
IBM PowerVM Hypervisor 安全漏洞
The IBM PowerVM Hypervisor is a software application developed by International Business Machines IBM. It provides a secure and scalable virtualization environment. These applications are built based on the advanced RAS capabilities and leading performance of the Power Systems platform. Security...
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2026-1131)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
CVE-2025-15510
CVE-2025-15510 affects NEX-Forms – Ultimate Forms Plugin for WordPress. The underlying issue is a missing capability check in the NF5_Export_Forms class constructor, allowing unauthenticated users to export form configurations by enumerating nex_forms_Id in all versions up to and including 9.1.8....
CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
EUVD-2025-206597
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
PT-2026-5500
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...