11269 matches found
LXD 安全漏洞
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from a template injection when the instance snapshot creation component uses the Pongo2 template engine, which could result in...
CVE-2023-53511 io_uring: fix fget leak when fs don't support nowait buffered read
In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...
PT-2025-40311
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A flaw exists in Apache Kylin that could allow external parties to access files or directories. Proper protection of Kylin's system and project admin access is crucial to prevent...
PT-2025-40312
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A Server-Side Request Forgery SSRF issue exists in Apache Kylin. The impact is limited if Kylin's system and project admin access is well protected. Recommendations Upgrade to version 5.0.3...
PT-2025-40310
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description An authentication bypass issue exists in Apache Kylin. This allows bypassing normal authentication mechanisms through an alternate path or channel. Recommendations Upgrade to version 5.0.3 ...
WordPress plugin All in One Music Player 路径遍历漏洞
WordPress All in One Music Player plugin is a plugin with integrated music playback functionality, mainly used for WooCommerce, Dokan, WCFM Marketplace and other multi-platform e-commerce systems. A path traversal vulnerability exists in the WordPress All in One Music Player plugin, which stems...
CVE-2025-48006
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service DoS condition ma...
CVE-2025-48006
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service DoS condition ma...
CVE-2025-48006
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service DoS condition ma...
CVE-2025-48006
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service DoS condition ma...
CVE-2025-48006
CVE-2025-48006 affects DataSpider Servista 4.4 and earlier. Root cause: improper restriction of XML external entity references (CWE-611). Impact: potential to read arbitrary files on the server filesystem and DoS; network-based exposure with low attack complexity. Exploitation details are not pro...
Ashisuto DataSpider Servista 代码问题漏洞
Ashisuto DataSpider Servista is an enterprise data integration platform from Ashisuto Japan. A code issue vulnerability exists in Ashisuto DataSpider Servista 4.4 and prior versions, which stems from an improperly restricted XML external entity reference that could result in the reading of...
GO-2025-3971 DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly
DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly...
CVE-2025-60020
nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...
CVE-2025-6544
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
Autodesk Fusion 安全漏洞
Autodesk Fusion is a data management software platform from the US-based Autodesk, Inc. A security vulnerability exists in Autodesk Fusion that stems from a stored cross-site scripting vulnerability in the handling of specially crafted HTML payloads, which could result in reading a local file or...
GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
H2O 安全漏洞
H2O is an open source in-memory platform for distributed, scalable machine learning from H2O.ai. A security vulnerability exists in H2O 3.46.0.8 and earlier versions, which stems from improper handling of JDBC connection parameters and could lead to reading arbitrary system files and executing...
CVE-2025-9215
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
PT-2025-38624
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...