41 matches found
OrangeHRM Authorization Issue Vulnerability
OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an authorization...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000454)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000454 advisory. An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. Tenable...
CVE-2025-64781
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
CVE-2025-34263
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...
CVE-2025-34262 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devices/name/{agent_id}
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...
GO-2025-4122 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost...
PT-2025-32732 · Intel · Intel I350 Series Ethernet
Name of the Vulnerable Software and Affected Versions: Intel(R) I350 Series Ethernet versions prior to 5.19.2 Description: Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet may allow an authenticated user to potentially enable information disclosure via da...
CVE-2019-5395
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...
CVE-2025-27101 Broken Access Control in Opal filesystem's copy functionality exposes all user data
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...
PT-2025-4622 · Hakan Ozevin · Wp Base Booking
Name of the Vulnerable Software and Affected Versions: Hakan Ozevin WP BASE Booking versions prior to 5.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject...
PT-2024-16428 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder versions prior to 5.2.6 Description: The issue is related to Stored Cross-Site Scripting via the form's subject parameter due to insufficient input...
PT-2024-13004 · Miniorange · Miniorange Saml Sp Single Sign On
Name of the Vulnerable Software and Affected Versions: miniOrange SAML SP Single Sign On versions prior to 5.0.4 Description: The issue affects the miniOrange SAML SP Single Sign On plugin, allowing for broken access control due to missing authorization. This enables exploitation of incorrectly...
CVE-2024-0166
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges...
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
Intel Data Center Manager Authorization Issue Vulnerability
Intel Data Center Manager is a software solution from Intel Corporation. It collects and analyzes real-time operating conditions, power and heat of various devices in the data center to help improve efficiency and uptime. A security vulnerability exists in Intel Data Center Manager versions prior...
AZL-25607 CVE-2022-3707 affecting package hyperv-daemons for versions less than 5.15.102.1-1
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system...
SUSE CVE-2018-4311
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
PT-2023-34022 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: A potential security issue has been identified in the Linux Kernel, related to the fs/ntfs3 module. The issue concerns the attr_load_runs_vcn function, where a null pointer check has been...
PT-2022-34773 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.12 Description: A percpu memory leak was discovered in the nf_tables module at the nf_tables_addchain function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...
Softing OPC UA C++ SDK Code Issue Vulnerability
The Softing OPC UA C++ SDK is a development kit from Softing Germany. It is used to quickly and easily integrate OPC UA clients and servers. A security vulnerability exists in Softing OPC UA C++ SDK versions prior to 5.70. The vulnerability stems from the fact that an incorrectly formatted OPC/UA...