94 matches found
PT-2026-31149
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13...
CVE-2026-26000
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001162 advisory. The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING...
CVE-2025-62420
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
PT-2025-41931
Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 24.10.0 through 24.10.12; Centreon Infra Monitoring versions 24.04.0 through 24.04.17; Centreon Infra Monitoring versions 23.10.0 through 23.10.27. Description: A flaw exists in Centreon Infra Monitoring related ...
CVE-2025-58748
CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2. This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2022-20494
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
Sunnet eHRD CTMS SQL injection vulnerability
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from China Sunnet Sunnet. A SQL injection vulnerability exists in Sunnet eHRD CTMS version 10.13 and prior versions, which stems from a SQL injection vulnerability that could allow a remote attacker to read...
SUNNET Corporate Training Management System security vulnerability
SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.13. An attacker can use this vulnerability to execute arbitrary system commands with SYSTEM...
PT-2024-2602 · Forcepoint · Forcepoint Next Generation Firewall Security Management Center
Name of the Vulnerable Software and Affected Versions: Forcepoint Next Generation Firewall Security Management Center versions prior to 6.10.13 Forcepoint Next Generation Firewall Security Management Center versions 6.11.0 through 7.1.2 Description: The issue is related to improper neutralization...
PT-2023-17733 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible escalation of privilege due to unsafe deserialization in the ChooseTypeAndAccountActivity.java file. This could lead to local escalation of privile...
PT-2023-17732 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a path traversal error in the clearApplicationUserData function of ActivityManagerService.java. This error could allow the removal of system files, potentiall...
SUSE CVE-2018-4181
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions...
Google Android Automotive OS security vulnerability
Google Android Automotive OS is an operating system and platform from Google Inc. that runs directly on in-vehicle hardware. Android Automotive OS (AAOS) suffers from a security vulnerability that stems from a privilege bypass in AndroidManifest.xml, which could potentially grant signing privileges...
PT-2023-12655 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible persistent denial of service (DoS) due to resource exhaustion in the AutomaticZenRule of AutomaticZenRule.java. This could lead to a local denial of...