CVE-2026-0496
SAP Fiori App Intercompany Balance Reconciliation is affected. The issue allows an attacker with high privileges to upload arbitrary files (including scripts) due to improper file format validation in the upload mechanism. Impact is described as low for confidentiality, integrity, and availabilit...
Mozilla Firefox and Mozilla Firefox ESR Security Vulnerability
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation, U.S.A. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 147 and Mozilla...
GeoNetwork Code Issue Vulnerability
GeoNetwork is an open source catalog application. It is used to manage spatially referenced resources. A code issue vulnerability exists in GeoNetwork 4.2.0 and earlier versions, which stems from an XML external entity vulnerability in PDF rendering that could lead to reading arbitrary...
PT-2026-2578
CVE-2025-69992 phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authe… https://t.co/1WpN7z5IOS...
MiracleLinux 9 : gimp-2.99.8-4.el9_5 (AXSA:2025-9834:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9834:01 advisory. gimp: dds buffer overflow RCE (CVE-2023-44441); gimp: PSD buffer overflow RCE (CVE-2023-44442); gimp: psp integer overflow RCE (CVE-2023-44443); gimp: psp...
MiracleLinux 8 : libarchive-3.3.3-6.el8_10 (AXSA:2025-10771:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10771:04 advisory. libarchive: Double free at archive_read_format_rar_seek_data in archive_read_support_format_rar.c (CVE-2025-5914). Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2025-68816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security...
PT-2026-2548
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel’s networking subsystem, specifically the mlx5 firmware tracer, contained a flaw where format string parameters were not properly validated. This allowed potentially...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unvalidated format string parameters from the firmware, which could result in a crash or undefined behavior...
MiracleLinux 7 : python-jinja2-2.7.2-4.0.1.el7.AXS7 (AXSA:2025-11572:05)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11572:05 advisory. CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template CVEs: CVE-2024-56326 Jinja is an extensible...
OPENSUSE-SU-2026:20022-1 Security update for matio
This update for matio fixes the following issues: - update to version 1.5.29: Fix printing rank-1-variable in Mat_VarPrint; fix array index out of bounds in Mat_VarPrint when printing UTF-8 character data (boo#1239678, CVE-2025-2337); fix heap-based buffer overflow in strdup_vprintf (boo#1239677,...
CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder
OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
OpenProject Information Disclosure Vulnerability
OpenProject is an open source, web-based project management software. An information disclosure vulnerability exists in OpenProject versions prior to 16.6.4, which stems from a local file read vulnerability in the work package PDF export function; an attacker can upload a...
SUSE SLED15 / SLES15 Security Update : libheif (SUSE-SU-2026:0087-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0087-1 advisory. - CVE-2025-68431: Fixed heap buffer over-read in HeifPixelImage::overlay via crafted HEIF that exercises the overlay...
OESA-2026-1012 unrtf security update
UnRTF is a command-line program written in C which converts documents in Rich Text Format (.rtf) to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: changes in the text's font, size, weight (bold), and slant (italic); underlines and...
OESA-2026-1007 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
CVE-2018-12590
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...
CVE-2009-4769
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users t...
CVE-2001-1566
Format string vulnerability in libvanessalogger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the vanessaloggerlog function...