126 matches found
CVE-2026-8800
CVE-2026-8800 concerns an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected software is MOVEit Transfer; impact involves unauthorized access across confidentiality, integrity, and availability (CVSS v3.1 base score 8.8, HIGH). Affected versions are MO...
WordPress picu plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by xwii in WordPress Plugin picu versions = 3.5.1...
PhpSpreadsheet 安全漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...
CVE-2026-3291 Samsung Print Service Plugin – Potential Information Disclosure
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...
HP Samsung Print Service Plugin 安全漏洞
The HP Samsung Print Service Plugin is a mobile device printing service plugin developed by Hewlett-Packard HP in the United States. The HP Samsung Print Service Plugin has a security vulnerability, which stems from the use of outdated versions of the application and may lead to information leaks...
fastify/reply-from和fastify/http-proxy 安全漏洞
fastify/reply-from and fastify/http-proxy are both products from the Fastify open-source project. fastify/reply-from is a plugin designed to forward incoming HTTP requests to another server. fastify/http-proxy is a full-featured HTTP proxy plugin that supports proxying WebSocket connections and...
EUVD-2026-20563
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...
CVE-2025-55277
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application...
CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application...
CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application...
WordPress plugin Fiorello 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin YayCurrency 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1578
HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-1578
HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-1578
HP App for Android is potentially vulnerable to cross-site scripting XSS when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-1578
HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version on mobile devices. The issue is being addressed with updates from HP. According to the provided CVE entry, the vulnerability is associated with an initial update path and a MEDIUM severity (C...
HP App 安全漏洞
HP App is an integrated management tool developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP App, which stems from the use of outdated versions. This vulnerability may lead to cross-site scripting attacks...
CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...
CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...
CVE-2020-7213
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...