6219 matches found
XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...
Vendure - Arbitrary File Read
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
Angular-Base64-Upload - Remote Code Execution
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...
CVE-2026-15753
CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...
CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability
...
CVE-2026-56159
CVE-2026-56159 is a heap-based buffer overflow in Windows DHCP Server that can allow an unauthenticated attacker to execute code over a network (remote code execution). The vulnerability is rated CRITICAL with Network attack vector and no explicit exploit details in the provided documents. Connec...
CVE-2026-55016
CVE-2026-55016 is a SharePoint-related issue affecting Microsoft Office SharePoint, described as improper neutralization of input during web page generation (XSS) that enables spoofing over a network by an authorized attacker. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a bas...
CVE-2026-49787 HTTP.sys Denial of Service Vulnerability
...
CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability
...
CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability
...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-52101
An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go...
CVE-2026-62242
Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...
Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...
CVE-2026-56003
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...
EUVD-2026-42177
An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...
CVE-2026-5268
Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.
Linux Distros Unpatched Vulnerability : CVE-2020-14844
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
PT-2026-54750
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the translate text.php file passes the id GET parameter directly...