17 matches found
CVE-2026-33913
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
AZL-50144 CVE-2024-9026 affecting package php for versions less than 8.1.30-1
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
AZL-49077 CVE-2024-21171 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-37138
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the manag...
Accellion Kiteworks 安全漏洞
Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.x and version 8.x prior to 8.3.0, which stems from the presence of directory traversal that can lead to unauthenticated file read, file delete, and file write operations...
PT-2023-22899 · Unknown · Tsolucio/Corebos
Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository tsolucio/corebos. Recommendations: For versions prior to 8, update to version 8 or later to resol...
PortlandLabs Concrete CMS 授权问题漏洞
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from a new session ID not being issued...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
DEBIAN-CVE-2022-2210
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2...
AZL-7719 CVE-2022-21329 affecting package mysql for versions less than 8.0.28-1
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
AZL-7695 CVE-2022-21279 affecting package mysql for versions less than 8.0.28-1
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
CVE-2018-2905
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: Core Services. The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromi...
libvips vips_region_generate function denial of service vulnerability
libvips is an open source 2D image processing library . A security vulnerability exists in the 'vipsregiongenerate' function of the region.c file in versions of libvips prior to 8.6.3. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted image fil...
Zimbra Collaboration suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-00757)
Zimbra can provide open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors also known as Bugs 104222,104910,105071 an...
CVE-2016-3411
Cross-site scripting XSS vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609...