70 matches found
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
PT-2026-43591
Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...
CVE-2026-42569
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...
CVE-2026-42569
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...
CVE-2026-34220
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....
CVE-2026-34221
CVE-2026-34221 affects MikroORM (TypeScript ORM for Node.js). The vulnerability is in the internal Utils.merge helper, which can be triggered during object structure merges and allows prototype pollution by passing keys like proto , constructor , or prototype . Affected versions are prior to 6.6....
MikroORM 安全漏洞
MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. Versions of MikroORM prior to 6.6.10 and 7.0.6 contained security vulnerabilities. These vulnerabilities stemmed from theUtils.merge helper function not preventing special...
PT-2026-23387
Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through = 7.0.6...
PT-2026-6753
Name of the Vulnerable Software and Affected Versions Xerox CentreWare versions through 7.0.6 Description A flaw exists in Xerox CentreWare on Windows that allows for Stored Cross-site Scripting XSS. This issue involves improper neutralization of input during web page generation. The vulnerabilit...
Linux Distros Unpatched Vulnerability : CVE-2017-12566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service,...
Linux Distros Unpatched Vulnerability : CVE-2023-21899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior t...
WordPress plugin SpecFit-Virtual Try On Woocommerce 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
CVE-2025-31609
Technical details about CVE-2025-31609 are not provided in the supplied documents. Please monitor for updates from the vendor/NVD; no product versions, impact, or fixes are disclosed here.
PT-2024-36152 · Unknown · Wpcargo Track & Trace
Name of the Vulnerable Software and Affected Versions: WPCargo Track & Trace versions 7.0.6 and earlier Description: The issue is related to a Missing Authorization vulnerability in WPCargo Track & Trace, which allows exploitation of incorrectly configured access control security levels...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
WordPress WPCargo Track & Trace Plugin <= 7.0.6 is vulnerable to SQL Injection
Software WPCargo Track & Trace Type Plugin Vulnerable versions = 7.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-44004 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8e07b930efd1 Credits LVT-tholv2k Required privilege...
UBUNTU-CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
MongoDB Certificate Validation Vulnerability (SERVER-72839) - Windows
MongoDB is prone to a certificate validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
WordPress WP Full Stripe Free Plugin < 7.0.6 is vulnerable to Cross Site Scripting (XSS)
Software WP Full Stripe Free Type Plugin Vulnerable versions 7.0.6 Fixed in 7.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46088 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9105f031f270 Credits LEE SE HYOUNG...