113 matches found
ROS-20260505-73-0058
Vulnerability in python3.12 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260505-73-0057
Vulnerability in python3.11 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Adobe ColdFusion Improper Authorization Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. An improper authorization vulnerability exists in Adobe ColdFusion, which can be exploited by an attacker to submit a special request to bypass security restrictions and gain unauthorized access to the system...
Ivanti Endpoint Manager Encryption Misuse Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a cryptographic misuse vulnerability that stems from an incorrect cryptographic implementation, which can be...
Dell Storage Manager Authorization Issue Vulnerability
Dell Storage Manager is a centralized storage management platform from Dell USA. An elevation of privilege vulnerability exists in Dell Storage Manager, which can be exploited by an attacker to submit a special request for elevation of privilege...
NVIDIA GPU Display Driver for Linux Security Vulnerability
NVIDIA GPU Display Driver for Linux is a GPU display driver. An elevation of privilege vulnerability exists in NVIDIA GPU Display Driver for Linux, which can be exploited by an attacker to submit a special request, execute arbitrary code, elevate privileges, and more...
PLANET UNI-NMS-Lite Trust Management Issue Vulnerability
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite suffers from a trust management issue vulnerability that can be exploited by an attacker to submit a special reques...
Unspecified vulnerability in CMSimple (CNVD-2026-02647)
CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to submit a special request to obtain sensitive source code, leading to the disclosure of sensitive information...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that stems from the use of FileStore::LocalStore to store uploaded and backed up fil...
WAVLINK WN531P3 Security Vulnerability
WAVLINK WN531P3 is a router developed by China RuiYin Technology WAVLINK. The WAVLINK WN531P3 suffers from a hard-coded vulnerability that can be exploited by an attacker to submit a special request to access the system as root...
WAVLINK WN701AE Security Vulnerability
WAVLINK WN701AE is a router developed by China RuiYin Technology WAVLINK. The WAVLINK WN701AE suffers from a hard-coded vulnerability that can be exploited by an attacker to submit a special request to access the system as root...
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible...
PT-2024-40355 · Packagist · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns a brute force protection mechanism in the backend login system. This mechanism pauses for 5 seconds when incorrect credentials are provided. However, it is possible to...
PT-2024-26118 · Unknown · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified. Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...
Tencent libpag Security Vulnerability
Tencent Libpag is an animation library from Tencent. Tencent Libpag suffers from a buffer overflow vulnerability that can be exploited by an attacker to submit a special request that can crash the application or execute arbitrary code in the application context...
IBM Storage Defender-Resiliency Service Information Disclosure Vulnerability
IBM Storage Defender is a software suite that enables data resiliency and is part of the IBM Storage portfolio of products and services. An information disclosure vulnerability exists in IBM Storage Defender-Resiliency Service, which can be exploited by a local attacker to submit a special reques...
CVE-2023-44381
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2026-07091)
The D-Link DAP-2622 is an enterprise-grade wireless access point (AP) from AUO D-Link, which is mainly used for wireless network coverage in commercial or enterprise environments. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability that stems from a...
Huawei HarmonyOS input module deserialization vulnerability
Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from Huawei, China. A deserialization vulnerability exists in the Huawei HarmonyOS input module, which can be exploited by a remote attacker to submit a special request and trick a user into parsing it, potentiall...
SAP BusinessObjects Platform Information Disclosure Vulnerability
SAP BusinessObjects Platform is a centralized suite for data reporting, visualization and sharing from SAP, Germany. A security vulnerability exists in SAP BusinessObjects Platform, which can be exploited by remote attackers to submit a special request that can be sniffed to obtain sensitive...