CVE-2019-25268

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SM...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2025-59389

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later...

QNAP Systems Multi-Application Recovery Service SQL注入漏洞

QNAP Systems Multi-Application Recovery Service is a multi-application disaster recovery solution from Taiwan, China-based QNAP Systems. A SQL injection vulnerability exists in QNAP Systems Multi-Application Recovery Service versions prior to 1.2.1.1686, which originates from an SQL injection tha...

QNAP Systems Hyper Data Protector SQL注入漏洞

QNAP Systems Hyper Data Protector is a one-stop backup software from Taiwan, China-based QNAP Systems. QNAP Systems Hyper Data Protector suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks that could result in the execution of unauthorized code or...

GHSA-XM59-RQC7-HHVF nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a...

nbconvert 代码问题漏洞

nbconvert is a format conversion library organized by Jupyter. Converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown, and more. A code issue vulnerability exists in nbconvert 7.16.6 and earlier versions that stems from improper handling whe...

QNAP Systems Hero和QNAP Systems QTS SQL注入漏洞

QNAP Systems Hero and QNAP Systems QTS are both products of China-based Weilian Technology QNAP Systems.QNAP Systems Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-64156

Fortinet FortiVoice contains an SQL injection vulnerability (CVE-2025-64156) due to improper neutralization of special elements in SQL commands. Affected versions: FortiVoice 6.0 (all), 6.4 (all), 7.0.0–7.0.7, and 7.2.0–7.2.2. An authenticated privileged attacker could exploit crafted requests to...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

EUVD-2025-202278

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.1, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-64153

CVE-2025-64153 is an OS command injection in Fortinet FortiExtender. A authenticated attacker can execute arbitrary commands via a crafted HTTP request due to improper input neutralization in FortiExtender versions 7.0, 7.2, 7.4.0–7.4.7, and 7.6.0–7.6.3. Public reports (Red Hat, CIRCL, CVE lists,...

PT-2025-50128

Name of the Vulnerable Software and Affected Versions Fortinet FortiVoice versions 6.0 all versions Fortinet FortiVoice versions 6.4 all versions Fortinet FortiVoice versions 7.0.0 through 7.0.7 Fortinet FortiVoice versions 7.2.0 through 7.2.2 Description The software contains an improper...

PT-2025-50176

Name of the Vulnerable Software and Affected Versions Microsoft Office Access affected versions not specified Description A relative path traversal issue exists in Microsoft Office Access. This allows an unauthorized attacker to execute code locally. The issue can also allow remote attackers to...

PT-2025-50114

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.0 all versions Fortinet FortiSandbox versions 4.2 all versions Fortinet FortiSandbox versions 4.4.0 through 4.4.7 Fortinet FortiSandbox versions 5.0.0 through 5.0.2 Description The Fortinet FortiSandbox softwar...

CVE-2025-59890

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...

EUVD-2025-199818

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...