26 matches found
CVE-2026-39345 OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...
EUVD-2025-38048
Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through = 28.0.0...
CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through = 28.0.0...
CVE-2021-35561 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9...
HPESBNW04845 rev.1 - HPE Aruba Networking AOS-10 and AOS-8 Mobility Conductor, Controllers, and Gateways - Multiple Vulnerabilities
Potential Security Impact: Remote: Arbitrary Code Execution, Arbitrary Command Execution, Arbitrary File Download, Arbitrary File Modification, Cross-Site Scripting XSS, Unauthorized Arbitrary Command Execution SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba 7000 Series...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.7.x through 9.7.5, 9.8.x through 9.8.2, and 9.9.x through 9.9.2, which stems from an inability to properly propagate privilege scheme updates...
Google Android 安全漏洞
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in Framework in Google Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1, which can be exploited by an attacker to elevate...
PT-2024-24990 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises when shared channels are enabled in Mattermost,...
CVE-2024-21876
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability via a URL parameter in Enphase IQ Gateway formerly known as Envoy allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...
Exploit for Improper Input Validation in Adobe Commerce
CVE-2022-24682 PoC How does this detection method work?...
PT-2023-32093 · Unknown +2 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build problem analysis reports. A security vulnerability exists in JetBrains TeamCit...
VMware vRealize Orchestrator 代码问题漏洞
VMware vRealize Orchestrator is a workflow automation solution from VMware. It is designed to simplify the automation of complex IT tasks. A security vulnerability exists in VMware vRealize Orchestrator that originated when a malicious actor with unmanaged access to vRealize Orchestrator was able...
SUSE CVE-2009-2990
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...
SUSE CVE-2015-8080
Integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...
CVE-2022-34467
A vulnerability has been identified in Mendix Excel Importer Module Mendix 8 compatible All versions V9.2.2, Mendix Excel Importer Module Mendix 9 compatible All versions V10.1.2. The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the...
PT-2022-3547 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...
CVE-2021-42025
A vulnerability has been identified in Mendix Applications using Mendix 8 All versions V8.18.13, Mendix Applications using Mendix 9 All versions V9.6.2. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow...
UBUNTU-CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...