36 matches found
GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
Problem Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw...
CVE-2025-40810
A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 14, Solid Edge SE2025 All versions V225.0 Update 6. The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the...
CVE-2024-56464
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...
PT-2025-46718
Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 Description IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 stores user credentials in configuration files within source control. An authenticated user can read these credentials. Recommendations...
PT-2025-45059
Name of the Vulnerable Software and Affected Versions Secure Access Windows versions 12.0 through 14.10 Description This is a denial-of-service issue in Secure Access Windows. If a local networking policy is active, attackers on a nearby network may be able to send a specially crafted packet that...
Microsoft Exchange Server 信息泄露漏洞
Microsoft Exchange Server is a set of e-mail service programs from Microsoft. It provides email access, storage, forwarding, voice mail, email filtering and screening. An information disclosure vulnerability exists in Microsoft Exchange Server. An attacker could exploit this vulnerability to obta...
Microsoft Exchange Server 输入验证错误漏洞
Microsoft Exchange Server is a set of e-mail service programs from Microsoft USA. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. An input validation error vulnerability exists in Microsoft Exchange Server that stems from incorrect inpu...
PT-2024-30979 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.6 Description: The issue allows a person with physical access to an unlocked Mac to potentially gain root code execution. This is achieved through a specific exploit that does not require user interaction...
PT-2024-19727 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: A privacy issue was addressed with improved handling of temporary files. This issue allows an app to potentially capture a user's screen. Recommendations: For macOS Sonoma versions prior to 14....
PT-2024-19728 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: The issue allows entitlements and privacy permissions granted to an app to be used by a malicious app. This was addressed with improved checks. Recommendations: For macOS Sonoma versions prior ...
CVE-2022-42341
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-38422
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction...
CVE-2022-35712
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...
CVE-2022-38419
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2022-35710
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...
CVE-2022-38418
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does...
CVE-2022-38420
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interactio...
CVE-2022-35690
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is...