1894 matches found
Vulnerability in libxml2 (CVE-2025-8732) affects AIX
IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:44:14 CST 2026 |Updated: Fri Mar 13 13:55:04 CDT 2026 |Update: Added iFix information for VIOS 3.1. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory10.asc Security Bulleti...
PT-2026-20494
Name of the Vulnerable Software and Affected Versions mingSoft MCMS version 6.1.1 Description A flaw exists in mingSoft MCMS 6.1.1 related to unrestricted file upload. The issue is located within the Template Archive Handler component, specifically in a function associated with the...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
Huawei EMUI and Huawei HarmonyOS file system module out-of-bounds write vulnerability
Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei EMUI and Huawei HarmonyOS file system module, which can...
CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...
CVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...
warehouse 访问控制错误漏洞
Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. There is an access control vulnerability in Warehouse, which stems from improper access control in the role permission binding processing program...
CVE-2023-38281
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...
@n8n/chat (>=1.0.0 <=1.19.0) potentially affected by CVE-2026-25054 via @n8n/design-system (>=2.0.0 <=2.1.0)
@n8n/design-system NPM version =2.0.0, =1.0.0, =1.19.0 Source cves: CVE-2026-25054 Source advisory: SNYK:JS-N8NDESIGNSYSTEM-15225250...
[SECURITY] [DLA 4460-1] ceph security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4460-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 01, 2026 https://wiki.debian.org/LTS -...
iba Systems ibaPDA
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2026-23952
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...
Azure Linux 3.0 Security Update: kernel (CVE-2024-40951)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40951 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in...
MiracleLinux 7 : cups-1.6.3-52.0.1.el7.AXS7 (AXSA:2024-8620:07)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8620:07 advisory. CVE-2023-4504: scanps: check for null terminator after backslash character CVEs: CVE-2023-4504 Due to failure in validating the length provided by an...
CVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
EUVD-2026-3163
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
CVE-2026-1018
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001569 advisory. A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udffilewriteiter function for the malicious UDF...
MiracleLinux 9 : cups-2.3.3op2-34.el9_7.2 (AXSA:2026-027:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-027:01 advisory. CUPS: Local denial-of-service via cupsd.conf update and related issues CVE-2025-61915 cups: Slow client communication leads to a possible DoS attack...
ROS-20260113-7345
A vulnerability in the ext4fillsuper function in the fs/ext4/super.c module of the ext4 file system of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected...