21 matches found
CVE-2026-6983
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2026-6983 pagekit download server-side request forgery
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
PT-2026-35154
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
Pagekit Code Issue Vulnerability
Pagekit is a modular and lightweight open-source CMS (Content Management System). Versions of Pagekit 1.0.18 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the file /index.php/admin/system/update/download, which may lead to...
Xtool AnyScan App Security Vulnerability
Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtool AnyScan App version 4.40.40, which stems from a lack of authentication at the download endpoint of the update package...
Security Bulletin: NVIDIA License System - September 2025
NVIDIA has released an update for the Delegated License Service (DLS) component of NVIDIA License System to address a security issue that might lead to impacts described in this bulletin. To protect your system, download and install the latest version of the DLS. To simplify the upgrade of an...
Sealevel Systems SeaConnect 370W Buffer Error Vulnerability
Sealevel Systems SeaConnect 370W is an Industrial Internet of Things (IIoT) edge device from Sealevel Systems, Inc. A buffer overflow vulnerability exists in Sealevel Systems SeaConnect 370W, which stems from the product's OTA Update u-download feature that does not effectively limit memory...
Description of the Outlook Social Connector update (Oscmoss-x-none.msp): April 10, 2012
Description of the Outlook Social Connector update (Oscmoss-x-none.msp): April 10, 2012. Introduction: Microsoft has released an update for Microsoft Outlook Social Connector (OSC). This update provides the latest fixes for the 32-bit and 64-bit editions of Microsoft Outlook 2010. Additionally, this...
MS15-081: Description of the security update for Word 2013: August 11, 2015
Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...
Update for the .NET Framework 3.5 Service Pack 1 (May 2009)
Update for the .NET Framework 3.5 Service Pack 1 (May 2009). Install this update to address a set of known issues with the Microsoft .NET Framework 3.5 Service Pack 1, the Microsoft .NET Framework 3.0 Service Pack 2, and the Microsoft .NET Framework 2.0 Service Pack 2. After you install this update,...
CVE-2020-8809
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...
November 13, 2018—KB4467701 (Monthly Rollup)
November 13, 2018—KB4467701 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4462925 released October 18, 2018 and addresses the following issues: Addresses an issue that causes high CPU usage that results in performance...
December 13, 2016 — KB3205383 (OS Build 10240.17202)
December 13, 2016 — KB3205383 (OS Build 10240.17202). Improvements and fixes: This security update includes these additional improvements and fixes. No new operating system features are being introduced in this update. Key changes include: Addressed issue that causes the System Center Configuration...
CVE-2018-10596 Medtronic 2090 Carelink Programmer Improper Restriction of Communication Channel to Intended Endpoints
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a...
MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016
MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016. Summary: This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or...
Grandstream Wave Redirection Vulnerability
Grandstream Wave is a free VoIP application from Grandstream. The application supports multiple accounts, simultaneous use of multiple lines, and more. A redirection vulnerability exists in Grandstream Wave version 1.0.1.26, which originates when the program uses an unsecured connection to downlo...
Design/Logic Flaw
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this...
CVE-2006-1785
Adobe Document Server for Reader Extensions 6.0 is affected. Remote authenticated users can inject arbitrary web script via a leading ftp/http URI in the ReaderURL variable in the Update Download Site section of ads-readerext, per CVE-2006-1785. The description notes uncertainty about vendor advi...