22 matches found
CVE-2025-14362
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Starting from version 7.0.8 and before version 7.0.10, authenticated users could use the MSETNX command to trigger a runtime assertion and terminate the Redis server process. This issue was fixed in Redis version 7.0.10...
CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2026-0971
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
PT-2026-33979
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...
CVE-2026-23542
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...
PT-2025-36485
Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. Recommendations: At the moment, there is no information about...
UBUNTU-CVE-2025-53029
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...
Zyxel NWA50AX PRO 路径遍历漏洞
The Zyxel NWA50AX PRO is a wireless router from China Hopkins Zyxel. A path traversal vulnerability exists in Zyxel NWA50AX PRO 7.10 ACGE.2 and earlier versions, which stems from a path traversal in the fileupload-cgi CGI program that could lead to the deletion of configuration files...
PT-2023-24726 · Mongoose · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 7.10 Description: The issue arises from the HTTP server in Mongoose accepting requests with negative Content-Length headers. This can be exploited by an attacker sending a single malicious payload over TCP, causing...
AZL-26736 CVE-2023-2700 affecting package libvirt for versions less than 7.10.0-5
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's gautoptr cleanup...
Karmasis Infraskope Agent 访问控制错误漏洞
Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...
PT-2022-15843 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows OS Command Injection via Documentconverter, for example, through an email attachment. Recommendations: For OX App Suite versions 7.10.6 and earlier, update to a version...
GitLab 安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE that stem...
PT-2021-6753 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later Description: The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for...
CVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...
CVE-2020-8542
OX App Suite through 7.10.3 allows XSS...
SalesAgility SuiteCRM SQL Injection Vulnerability (CNVD-2019-16997)
SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management CRM. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execute illegal SQL commands...
SAP TREX Code Injection Vulnerability
SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. A code injection vulnerability exists in SAP TREX version 7.10. The vulnerability can be exploited by a remote attacker to read or write to arbitrary files and execute arbitrary code with the help of the fd...