12 matches found
EUVD-2025-207564
Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....
CVE-2025-9120
CVE-2025-9120: OpenText Carbonite Safe Server Backup is affected up to version 6.8.3 by an improper generation of code vulnerability (code injection). The issue can be exploited via an open port to potentially gain unauthorized access, with a CVSSv4.0 base score of 8.6 (HIGH) and local attack Ve...
OpenText Carbonite Safe Server Backup Code Injection Vulnerability
OpenText Carbonite Safe Server Backup is a hybrid cloud backup software developed by OpenText Corporation in Canada. Versions of OpenText Carbonite Safe Server Backup 6.8.3 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper code generation controls, whi...
CVE-2025-61782
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint /auth/saml/callback. By manipulating the RelayState parameter, an attacker can...
OpenCTI Input Validation Error Vulnerability
OpenCTI is an open source cyber threat intelligence platform from OpenCTI. An input validation error vulnerability exists in OpenCTI versions prior to 6.8.3 that stems from improper manipulation of the RelayState parameter in the SAML authentication endpoint, which could lead to an open redirecti...
CVE-2025-62368 Taiga Authenticated Remote Code Execution
Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0...
CVE-2025-62367
Taiga (open source project management platform) – CVE-2025-62367 affects Taiga API in versions 6.8.3 and earlier, where a time-based blind SQL injection can disclose sensitive data via response timing. Root cause: improper handling of API input enabling blind SQL injection. Impact: potential expo...
[SECURITY] Fedora 41 Update: wordpress-6.8.3-1.fc41
WordPress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
[SECURITY] Fedora 42 Update: wordpress-6.8.3-1.fc42
WordPress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
Cross-site Scripting (XSS) - Stored in s-cart/s-cart
Description: Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept: Product version: S-Cart Version 6.8.3 core 6.8.10, https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...
SQL injection
Versions of the package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in the data classification functionality in ClassificationstoreController. This can be exploited by sending a specially crafted input in the relationIds parameter as demonstrated by the following request:...
Synology Photo Station Cross-Site Scripting Vulnerability (CNVD-2018-07562)
Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet, and Log Viewer is one of its log-viewing components. A cross-site scripting vulnerability exists in Log Viewer in Synology Photo Station versions prior to 6.8.3-3463 and prior to 6.3-2971. A remote attack...