20 matches found
CVE-2026-42872 WeGIA: Reflected XSS in listar_arquivos_etapa.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-0573
CVE-2026-0573 affects GitHub Enterprise Server. The repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, preserving the Authorization header containing a privileged JWT. An authenticated user could redirect requests to an attacker-controlled domain, exfiltrate the A...
CVE-2026-23730
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle...
CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
EUVD-2018-3116
Malware in sbrugna...
CVE-2023-5904
Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2019-5402
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...
CVE-2012-6714
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words...
CVE-2025-32826
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
PT-2024-29710 · Splashtop · Splashtop Streamer
Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.7.0.0 Description: The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges...
PT-2023-4535
Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.09 Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges...
Pure Storage FlashBlade 和 FlashArray 安全漏洞
Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. the Pure Storage FlashArray is an all QLC flash storage array. the Pure Storage FlashBlade is a consolidated storage platform for file and object Pure Storage FlashBlade is a consolidated storage platform...
guake 安全漏洞
guake is a python-based drop-down terminal designed for the GNOME desktop environment. A security vulnerability exists in guake that stems from guake exposing the executecommand and executecommandbyuuid methods via the d-bus interface, which allows a malicious user to run arbitrary commands via t...
NetApp Cloud Manager 信息泄露漏洞
Netapp NetApp Cloud Manager is an application from Netapp, Inc. which provides centralized orchestration of hybrid cloud storage and data management services. An information disclosure vulnerability exists in NetApp Cloud Manager, which stems from a flaw in the configuration of the product. An...
3S-Smart Software Solutions CODESYS Control runtime system 缓冲区错误漏洞
3S-Smart Software Solutions CODESYS Control runtime system is an application system from 3S-Smart Software Solutions, Germany. It is used for the conversion of any type of smart device to an IEC 61131-3 controller. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control...
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2021-09040)
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in Rocket.Chat server versions prior to 3.9.0, which stems from the drag-and-drop functionality being susceptible to XSS attacks. No details of the vulnerability are available at this time...
PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3
Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...
PT-2013-5038 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue is related to the improper management of a reference count by the ipc rcu putref function in the Linux kernel, which can be exploited by local users to cause a denial of service. This...
PT-2012-1244 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue is related to the scsi ioctl function in the Linux kernel, which does not properly consider the SCSI device class during authorization of SCSI commands. This allows local users to bypa...