18 matches found
EUVD-2026-13380
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...
CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...
PT-2025-35210
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0. Description: OpenAtlas is susceptible to a cross-site scripting (XSS) issue caused by insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an...
OpenAtlas Cross-Site Scripting Vulnerability
OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...
Malicious code in 8.9.4 (npm)
The package 8.9.4 was found to contain malicious code...
CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cleanhtml and formfields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...
org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Impact: The Markdown syntax is vulnerable to XSS through HTML. In particular, using Markdown syntax, it's possible for any user to embed JavaScript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that th...
Crypto++ Security Vulnerability
Crypto++ is a C++ cryptographic method library. A security vulnerability exists in Cryptopp Crypto++ version 8.9, which stems from the presence of a fault injection vulnerability that allows an attacker co-located on the same system as the victim process to disclose information and elevate...
DEBIAN-CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
WordPress plugin SEO Redirection Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
RosarioSIS Cross-Site Scripting Vulnerability
RosarioSIS is a free and open source student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS versions prior to 8.9.3, which stems from a vulnerability in its upload functionality leading to a...
FlightRadar24 Security Vulnerability
FlightRadar24 is a global flight tracking service from the US company FlightRadar24. Real-time information is available for thousands of airplanes around the world. A security vulnerability exists in FlightRadar24 for Android versions v8.9.0, v8.10.0, v8.10.2, v8.10.3, and v8.10.4, which can be...
UBUNTU-CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project...
PT-2021-21730
Name of the Vulnerable Software and Affected Versions: WP Cerber versions prior to 8.9.3. Description: The issue allows bypass of /wp-json access control via a trailing ? character. Recommendations: For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: manipulation of data, remote code execution, administrator/root privileges, SQL injection, increased user...
Umbraco Cross-Site Scripting Vulnerability
Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability by uploading a malicious .svg file to conduct a cross-site scripting...
CVE-2018-8061
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write...
Visual Studio 2022 version 17.8.9 update
This security update applies to all editions of Visual Studio 2022, and will update client machines on the LTSC channel to version 17.8.9. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update to...