
173 matches found

Nuclei
added 19 hours ago | 11 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

CVSS 9.8 | AI score 7.5 | EPSS 0.37884
Exploits: 1 | References: 2
RedhatCVE
added 2026/04/28 6:35 p.m. | 0 views

CVE-2024-46636

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

CVSS 9.4 | AI score 5.6 | EPSS 0.0004
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 1 views

PT-2026-35527

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

AI score 5.6 | EPSS 0.0004
Exploits: 1 | References: 4
CNNVD
added 2026/04/27 12:0 a.m. | 4 views

NASA Earth Observing System Data and Information System security vulnerability

NASA Earth Observing System Data and Information System is an open-source platform for managing and distributing earth science data by NASA. Version 8.1 of the NASA Earth Observing System Data and Information System contains a security vulnerability, which stems from the operation of the category...

CVSS 9.4 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 1
Snyk
added 2026/04/21 12:0 a.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

CVSS 6.9 | AI score 7.7 | EPSS 0.00047
Exploits: 0 | References: 2
Snyk
added 2026/04/21 12:0 a.m. | 1 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network. Remediation Upgrade libmysqlclient to versi...

CVSS 5.3 | AI score 7.8 | EPSS 0.00032
Exploits: 0 | References: 2
SUSE CVE
added 2026/04/16 11:27 p.m. | 4 views

SUSE CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

CVSS 4.9 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 3
EUVD
added 2026/04/08 5:57 p.m. | 1 views

EUVD-2026-20557

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1
NVD
added 2026/04/01 1:16 p.m. | 1 views

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS 9.8 | EPSS 0.31224
Exploits: 4 | References: 5
CVE
added 2026/03/23 9:0 p.m. | 3 views

CVE-2025-60949

CVE-2025-60949 affects Census CSWeb. In version 8.0.1, the path app/config can be exposed over HTTP in some deployments, allowing a remote, unauthenticated attacker to request configuration files and obtain leaked secrets. Impact is described in CVE records as high confidentiality/integrity risks...

CVSS 9.3 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/03/17 8:16 p.m. | 0 views

CVE-2026-32981

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/07 7:59 a.m. | 3 views

CVE-2026-25888

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

CVSS 8.8 | AI score 6.3 | EPSS 0.00429
Exploits: 1 | References: 1
CNNVD
added 2026/02/11 12:0 a.m. | 3 views

AVideo authorization issue vulnerability

AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Version 8.1 of AVideo contains an authorization vulnerability, which stems from cross-site request forgery attacks. This vulnerability could allow attackers to exploit the password recovery...

CVSS 9.8 | AI score 5.7 | EPSS 0.00107
Exploits: 1 | References: 4
CNNVD
added 2026/01/23 12:0 a.m. | 1 views

WordPress plugin Stylish Cost Calculator has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 1
CVE
added 2025/12/16 8:1 p.m. | 6 views

CVE-2025-13532

This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...

CVSS 6.2 | AI score 6.7 | EPSS 0.00009
Exploits: 0 | References: 1
OSV
added 2025/12/16 6:16 p.m. | 0 views

CVE-2025-52196

Server-Side Request Forgery SSRF vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

CVSS 7.5 | AI score 6
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/16 12:0 a.m. | 2 views

PT-2025-51766

Name of the Vulnerable Software and Affected Versions Ctera Portal versions 8.1.x 8.1.1417.24 Description A Server-Side Request Forgery SSRF issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...

CVSS 7.5 | AI score 6.7 | EPSS 0.00058
Exploits: 0 | References: 6
OSV
added 2025/11/25 6:15 a.m. | 1 views

UBUNTU-CVE-2025-13644

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server...

CVSS 7.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 3
CVE
added 2025/11/21 12:29 p.m. | 6 views

CVE-2025-66091

CVE-2025-66091 is a DOM-based XSS vulnerability in the WordPress plugin Stylish Cost Calculator (design stylish-cost-calculator) up to version

CVSS 6.5 | AI score 6 | EPSS 0.00029
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/07 1:46 p.m. | 2 views

CVE-2025-46366

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information...

CVSS 6.7 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 1