13 matches found
CVE-2025-57104
Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx...
PT-2025-37730
Name of the Vulnerable Software and Affected Versions Teampel version 5.1.6 Description Teampel version 5.1.6 is susceptible to SQL Injection through the /Common/login.aspx API endpoint. Recommendations As a temporary workaround, consider restricting access to the /Common/login.aspx endpoint unti...
VulnCheck KEV: CVE-2025-25037
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions = 5.1.6 and web interface versions = 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive...
WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin LatePoint versions = 5.1.6...
WordPress Essential Real Estate plugin <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure vulnerability
Missing Authorization to Authenticated Contributor+ Information Exposure vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Essential Real Estate versions = 5.1.6...
WordPress plugin Essential Real Estate 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...
CVE-2022-41736
IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810...
SUSE CVE-2018-16476
A Broken Access Control vulnerability in Active Job versions = 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1,...
CVE-2022-27588
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later...
CVE-2022-27588
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later...
CVE-2021-38685
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later...
128 Technology Session Smart Router vulnerable to authentication bypass
Overview 128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Linux kernel memory misreference vulnerability (CNVD-2019-46994)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in versions of Linux kernel prior to 5.1.6. No details of the vulnerabilit...