16 matches found
CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
CVE-2022-26748
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-50267
In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_pci: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that is allocated in mmc_alloc_host() will be leaked and it will lead to a kernel crash because of deleting not added...
CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
WordPress plugin WooCommerce Fattureincloud Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-26933 WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through =...
WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin ApplyOnline versions <= 2.6.7.1...
PT-2023-24941 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: Ultimate Member WordPress plugin versions prior to 2.6.7 Description: The issue allows attackers to create user accounts with arbitrary capabilities, effectively enabling them to create administrator accounts at will. This is being actively...
SUSE CVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...
PT-2022-36479 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to a potential security problem in the net/x25 component, specifically in the x25_lapb_receive_frame function, where a skb leak may occur. The actual impact and attack...
CVE-2022-2675
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 using firmware version 0.1.35 can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1...
CVE-2022-26756
creationtimestamp | type | source
---|---|---
2022-05-27 00:14:36+00:00 | seen | https://t.me/cibsecurity/43455...
AZL-6437 CVE-2021-27218 affecting package glib for versions less than 2.60.1-5
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2^32, causing unintended length truncation...
PT-2021-3164
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.x before 2.6.7.5 Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...
PT-2020-9918 · Apache · Apache Dubbo
Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.5.x Apache Dubbo versions 2.6.0 through 2.6.7 Apache Dubbo versions 2.7.0 through 2.7.4 Description: Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a PO...
CImg Heap Buffer Overflow Vulnerability
CImg Library is an open source C++ library for image processing. A buffer overflow vulnerability exists in the loadbmp file in the CImg.h file in CImg Library versions 2.6.7 and earlier. The vulnerability stems from a networked system or product performing operations in memory without properly...