30 matches found
EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2026-2218)
According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c.CVE-2025-69720...
CVE-2026-30903
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...
listmonk 跨站脚本漏洞
listmonk is a high-performance, self-hosted, newsletter and mailing list manager with a modern dashboard by the individual developer Kailash Nadh. A cross-site scripting vulnerability exists in listmonk versions prior to 6.0.0, which originates from a low-privileged user who can inject malicious...
CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...
CVE-2025-58131 Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition
Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 or before 6.2.15 and 6.3.12 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...
Linux Distros Unpatched Vulnerability : CVE-2022-39427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily...
CVE-2025-38743
Dell iDRAC Service Module iSM, versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges...
AZL-64779 CVE-2025-38227 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...
CVE-2025-26512
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
PT-2024-32788
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to the firmware loader in the Linux kernel, where certain code paths construct firmware file names from string components passed through from devices or semi-privileged...
PT-2024-21502
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8 Description A race condition in the Linux kernel's swap cache can cause data corruption when two or more threads swap in the same entry at the same time. This can lead to a stalled page being installed into t...
FFmpeg Command Execution Vulnerability (CNVD-2024-28709)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A command execution vulnerability exists in versions of Ffmpeg prior to n6.1, which can be exploited by an attacker to execute arbitrary commands on a system...
Unspecified vulnerability in Linux kernel (CNVD-2024-06430)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel prior to version 6.5.9, which stems from a null pointer dereference in sendacknowledge in net/nfc/nci/spi.c. The vulnerability i...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform version 6.x prior to 6.13.0.2.2, which stems from the inclusion of a sensitive information disclosure vulnerability, where an authenticated attacker may be able to...
CVE-2023-25813 SQL Injection via replacements in sequelize
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...
PT-2022-36023 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue is related to a use-after-free in the snd soc exit function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-35954 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue is related to kprobes and ftrace. It involves skipping the clearing of aggrprobe's post handler in the kprobe-on-ftrace case. The actual impact and attack plausibility have not yet...
PT-2022-35074 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A memory leak issue was discovered in the airspy probe. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.3, update ...
Pure Storage FlashBlade 和 FlashArray 安全漏洞
Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. the Pure Storage FlashArray is an all QLC flash storage array. the Pure Storage FlashBlade is a consolidated storage platform for file and object Pure Storage FlashBlade is a consolidated storage platform...