EUVD-2026-23834
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
PT-2026-33758
Name of the Vulnerable Software and Affected Versions: gnu sed versions prior to 4.10. Description: A race condition exists when the software is invoked with both -i in-place edit and --follow-symlinks. The function opennextfile performs two separate, non-atomic filesystem operations on the same...
CVE-2026-2152
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/submask/gw results in os command injection. The attack may be initiated remotely. T...
PT-2026-5053
Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the URL Filter component of D-Link DIR-615 version 4.10, specifically in the processing of the /set temp nodes.php file. This allows for os command injection, which can be triggered...
EUVD-2021-27172
Malware in sbrugna...
PT-2025-36813
Name of the Vulnerable Software and Affected Versions: Frenify Mow versions through 4.10 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Frenify Mow that allows Code Injection. Recommendations: At the moment, there is no information about a newer version that contains a fix...
CVE-2025-54034
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Tribulant Software Newsletters newsletters-lite allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through = 4.10...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2021-25278
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
PT-2024-20317 · Unknown · Zentao Community Edition +2
Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.10 ZenTao Biz versions 8.10 ZenTao Max versions 4.10 Description: An arbitrary file upload issue in the /upgrade/control.php endpoint allows attackers to execute arbitrary code by uploading a crafted .txt...
SUSE CVE-2019-14907
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
Session fixation
Silverstripe silverstripe/framework through 4.10 allows Session Fixation...
GSD-2022-1003271 scsi: sd: Fix potential NULL pointer dereference
scsi: sd: Fix potential NULL pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...
silverstripe framework authorization issue vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.10 and earlier versions, which stems from the fact that the Silverstripe ID does not expire upon logout...
tqdm Arbitrary Code Execution
The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...
GSD-2022-1001215 PCI: Reduce warnings on possible RW1C corruption
PCI: Reduce warnings on possible RW1C corruption This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
OrangeHRM Cross-Site Scripting Vulnerability (CNVD-2022-30440)
Orangehrm is a human resource management system HRM from Orangehrm, a US-based company. The system supports personnel information management, leave management, attendance management and recruitment management, etc. Orangehrm version 4.10 has a cross-site scripting vulnerability that can be...
Orangehrm security vulnerability
Orangehrm is a human resource management system HRM from Orangehrm, a US-based company. The system supports personnel information management, leave management, attendance management and recruitment management. orangehrm version 4.10 has a security vulnerability that can be exploited by an attacke...