533 matches found
Gambio 安全漏洞
Gambio is an integrated e-commerce solution developed by the Gambio company. Version Gambio 4.9.2.0 contains a security vulnerability. This vulnerability arises from the possibility of bypassing the password reset function; as long as the ID is known, any password for any account can be set...
WordPress Simple Link Directory plugin <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Simple Link Directory versions = 8.9.2...
WordPress AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization plugin <= 2.9.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Add Expires Headers & Optimized Minify versions = 2.9.2...
CVE-2026-41411
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
📄 NLTK 3.9.2 Path Traversal / File Disclosure
NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...
PT-2026-37159
Name of the Vulnerable Software and Affected Versions pgx versions prior to 5.9.2 Description SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...
EUVD-2026-24309
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2026-34301
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft component: Work Order Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2026-22019
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...
CVE-2026-34295
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...
CVE-2026-34280
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Job Profile Manager. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2026-22019
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...
Oracle PeopleSoft Enterprise FIN Contracts 安全漏洞
Oracle PeopleSoft Enterprise FIN Contracts is an enterprise contract financial management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Contracts contains a security vulnerability. This vulnerability stems from issues with the Contracts component, which m...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
EUVD-2026-21660
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
EUVD-2026-21193
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
Juniper Junos OS Vulnerability (JSA107822)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107822 advisory. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...