27 matches found
WordPress Photography theme <= 7.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Photography versions = 7.6.1...
EUVD-2025-202271
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7...
CVE-2025-32932
CVE-2025-32932 is an XSS vulnerability in FortiSOAR web UI caused by improper input neutralization (CWE-79). Affected are FortiSOAR versions 6.4 and all 7.x releases up to 7.6.1. The impact is stored XSS that can be triggered by authenticated remote attackers via stored malicious service requests...
p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness
perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known...
VulnCheck KEV: CVE-2025-32815
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur...
Fortinet FortiADC 操作系统命令注入漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiADC, which stems from improper neutralization of special elements and could lead to OS command injection. The following versions are affected:...
CVE-2025-32813
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...
CVE-2025-32815
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur...
Infoblox NETMRI 安全漏洞
Infoblox NETMRI is a network management product from US-based Infoblox, Inc. can automate, provide visibility and continuous insight to help organizations intelligently manage their multi-vendor networks. A security vulnerability exists in Infoblox NETMRI versions prior to 7.6.1 that originates...
CVE-2024-46663
A stack-buffer overflow vulnerability CWE-121 in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands...
AZL-56351 CVE-2025-21667 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomapwritedelallocscan was inadvertently using a 32-bit position due to folionextindex returning an unsigned long. This could lead to an infinite loop when...
WordPress plugin Post Grid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
IBM Control Desk 信息泄露漏洞
IBM Control Desk is an application from International Business Machines IBM. Automated service management and seamlessly integrated, best-practice based service desk functionality. A security vulnerability exists in IBM Control Desk version 7.6.1, which stems from the fact that its unset HTTP Onl...
GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
CVE-2021-20509
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...
CVE-2020-4521
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2020-4526
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436...
IBM Maximo Asset Management Path Traversal Vulnerability (CNVD-2020-46262)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A path traversa...
Elasticsearch elevation of privilege vulnerability (CNVD-2020-38868)
Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing , and supports data indexing via HTTP using JSON. A security vulnerability exists in Elasticsearch versions 6.7.0 through 6.8.7 and...
Panasonic Video Insight VMS vulnerable to arbitrary code execution
Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...