29 matches found
CVE-2026-27404
Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...
PT-2026-54973
Name of the Vulnerable Software and Affected Versions LMS versions prior to 9.8 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the victim's browser without requiring authentication. Recommendations Update to a version new...
WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme LMS versions = 9.7...
EUVD-2026-39515
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
EUVD-2026-35985
The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
Improper Encoding or Escaping of Output
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...
CVE-2026-1459
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...
Apple Security Update: iOS 16.7.13 and iPadOS 16.7.13
Apple recommends to install security update iOS 16.7.13 and iPadOS 16.7.13 on devices iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation...
CVE-2025-9636
pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
OPENSUSE-SU-2025:15327-1 coreutils-9.7-3.1 on GA media
These are all security issues fixed in the coreutils-9.7-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2022-25786
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...
CVE-2024-50419
Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7...
Shilpi Client Dashboard 安全漏洞
Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0, which stems from a lack of limitations on incorrect login attempts for API logins, which could lead to unauthorized access to other user accounts...
PT-2024-29293 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...
GRANDING UTime Master Security Vulnerability
GRANDING UTime Master is a powerful web-based time and attendance management software from GRANDING. A security vulnerability exists in GRANDING UTime Master v9.0.7-Build: Apr 4,2023 that stems from a vulnerability that allows an authenticated attacker to access sensitive information via a crafte...
Omron CX-Programmer 资源管理错误漏洞
Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in Omron CX-Programmer version v.9.77 and prior versions, which stems from a memory reuse after release issue...
CVE-2022-25782
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7...
CVE-2022-25779
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from the exposure of information in Secomea GateManager's Web UI, and could be exploited by an attacker to allow logged-in...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from the Danish company Secomea.A security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from an unprotected alternate channel vulnerability in the debug console. An attacker could use this vulnerability to...