
343 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. | 7 views

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/05/06 12:0 a.m. | 5 views

Jupyter multiple products cross-site scripting vulnerability

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

8.4 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/20 6:20 p.m. | 0 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to uncontrolled resource consumption, resulting in a DoS against the webserver. will be killed by the system. This issue affects OTRS: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, 2026.X before 2026.3.X...

4.5 CVSS | 5.7 AI score | 0.00037 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/07 12:0 a.m. | 1 views

PT-2026-30888

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in src/Reports/FundRaiserStatement.php where the $_SESSION['iCurrentFundraiser'] value is used in an unquoted numeric SQL context without integer validation. The value originates from...

8.8 CVSS | 6 AI score
Exploits: 0 | References: 2

MongoDB
added 2026/03/30 3:28 p.m. | 6 views

Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 5.2 AI score | 0.00049 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/10 4:44 p.m. | 23 views

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

6.6 CVSS | 0.00045 EPSS
Exploits: 0 | References: 1

OSV
added 2026/03/06 7:8 a.m. | 0 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration...

9.8 CVSS | 6 AI score | 0.51781 EPSS
Exploits: 2 | References: 3

CNNVD
added 2026/01/16 12:0 a.m. | 1 views

Seeyon Zhiyuan A8+ security vulnerabilities

Seeyon Zhiyuan A8+ is a collaborative management software developed by the Chinese company Seeyon. Version 7.0 of Seeyon Zhiyuan A8+ contains a security vulnerability. This vulnerability stems from improper handling of the topValue parameter in the seeyon/main.do endpoint, which may lead to...

6.1 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/01/13 12:0 a.m. | 0 views

mPDF security vulnerability

mPDF is an open-source library written in PHP for converting HTML to PDF files. mPDF version 7.0 contains a security vulnerability that stems from a local file inclusion flaw in the annotation file parameter, which may lead to reading of arbitrary syste...

8.7 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/09 10:38 a.m. | 4 views

CVE-2017-12646

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address...

6.1 CVSS | 6 AI score | 0.00247 EPSS
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 10:10 a.m. | 4 views

CVE-2019-11619

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user or a user with permission to manage configuration analytics could exploit the vulnerability to obtain database sensitive...

4.9 CVSS | 7.4 AI score | 0.00261 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:9 a.m. | 3 views

CVE-2019-11617

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification...

8.8 CVSS | 7.1 AI score | 0.00209 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:9 a.m. | 3 views

CVE-2019-11626

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request...

5.3 CVSS | 6.6 AI score | 0.00356 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2025/12/19 11:15 a.m. | 7 views

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7 CVSS | 7 AI score | 0.62808 EPSS
Exploits: 38 | References: 4

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

ZIRA Group Wholesale Business Revenue Management security vulnerability

ZIRA Group Wholesale Business Revenue Management is a wholesale business revenue management system from ZIRA Group company in Bosnia and Herzegovina. A security vulnerability exists in ZIRA Group WBRM version 7.0, which originates from a SQL injection vulnerability in the...

7.6 CVSS | 7.9 AI score | 0.00054 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/11/18 12:0 a.m. | 1 views

Fortinet FortiADC information disclosure vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiADC, which stems from the exposure of sensitive information and could lead to obtaining passwords for external resources. The following versions are affected...

6.5 CVSS | 6.2 AI score | 0.00048 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/14 12:0 a.m. | 6 views

PT-2025-46973

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 8.0.1. Description: A relative path traversal vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 8.0.1. This flaw allows an unauthenticated attacker to execute administrative commands on t...

10 CVSS | 6.2 AI score | 0.9299 EPSS
Exploits: 15 | References: 197

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-4184

Malware in sbrugna...

6.1 CVSS | 6.5 AI score | 0.00244 EPSS
Exploits: 3 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-4799

Malware in sbrugna...

10 CVSS | 9.5 AI score | 0.01197 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-4752

Malware in sbrugna...

6.5 CVSS | 7 AI score | 0.00112 EPSS
Exploits: 0 | References: 2