15 matches found

Positive Technologies
added 2026/02/11 12:0 a.m. | 4 views

PT-2026-7523

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.8 through 18.6.6; GitLab CE/EE versions 18.7 through 18.7.4; GitLab CE/EE versions 18.8 through 18.8.4. Description: GitLab CE/EE is susceptible to a denial-of-service condition. An unauthenticated user could potentially...

CVSS 7.5 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 12
Microsoft KB
added 2026/01/13 12:0 a.m. | 5 views

.NET 10.0 Update - January 13, 2026

.NET 10.0 Update - January 13, 2026. .NET 10.0 has been refreshed with the latest update as of January 13, 2026. This update contains non-security fixes. See the release notes for details about updated packages. .NET 10.0 servicing updates are upgrades. The latest servicing update for 10.0 will...

AI score 5.6
Exploits: 0
CNNVD
added 2025/09/23 12:0 a.m. | 2 views

RTI Connext Professional security vulnerability

RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things (IIoT). A security vulnerability exists in RTI Connext Professional versions prior to 7.6.0, prior to 7.3.0.8, prior to 6.1.2.26, 6.0 and prior, 5.3 and...

CVSS 7.1 | AI score 6.9 | EPSS 0.00026
Exploits: 0 | References: 1
AlpineLinux
added 2025/07/17 6:15 p.m. | 5 views

CVE-2025-53644

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.0023
Exploits: 1 | References: 4
CNNVD
added 2025/01/22 12:0 a.m. | 3 views

Synnefo Internet Management Software security vulnerability

Synnefo Internet Management Software (SynnefoIMS) is an Internet management software from Synnefo, Inc. A security vulnerability exists in Synnefo Internet Management Software version 2023 and prior releases that stems from the presence of a SQL injection vulnerability...

CVSS 9.8 | AI score 7.8 | EPSS 0.00109
Exploits: 0 | References: 3
CNNVD
added 2022/06/15 12:0 a.m. | 1 views

ABB Mint WorkBench link following vulnerability

ABB Mint WorkBench is a single Windows tool from ABB Switzerland that is compatible with the ABB family of motion controllers and servo drives. A security vulnerability exists in ABB Mint WorkBench that allows a low-privilege attacker to...

CVSS 7.8 | AI score 7.3 | EPSS 0.00041
Exploits: 0 | References: 5
OSV
added 2020/07/10 4:15 p.m. | 3 views

CVE-2020-8197

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands...

CVSS 8.8 | AI score 7.5 | EPSS 0.0071
Exploits: 0 | References: 1
OSV
added 2020/03/02 5:15 p.m. | 1 views

CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be...

CVSS 2.5 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 2
OSV
added 2018/10/17 1:31 a.m. | 1 views

ALPINE-CVE-2018-3173

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.6 | EPSS 0.00166
Exploits: 0 | References: 1
RedHat Linux
added 2018/08/14 7:51 p.m. | 0 views

spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS 9.8 | AI score 5.9 | EPSS 0.93978
Exploits: 6 | References: 4
OSV
added 2018/07/11 6:29 p.m. | 2 views

CVE-2018-0039

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafan...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
OSV
added 2017/08/17 8:29 p.m. | 2 views

CVE-2017-6710

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to...

CVSS 8.1 | AI score 6
Exploits: 0 | References: 2
OSV
added 2017/07/04 12:29 a.m. | 1 views

CVE-2017-6716

A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 2
OSV
added 2017/07/04 12:29 a.m. | 0 views

CVE-2017-6715

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 2
PyPA
added 2011/02/14 9:0 p.m. | 4 views

PYSEC-2011-10

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 6.9 | EPSS 0.0275
Exploits: 1 | References: 19 | Affected Software: 1