18 matches found
EUVD-2025-24785
Malicious code in bioql PyPI...
CVE-2025-52721
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3...
CVE-2025-52721
CVE-2025-52721 concerns the Global Gallery WordPress plugin (versions up to 9.2.3). It describes a Missing Authorization / Broken Access Control vulnerability enabling an unauthorized user to exploit access control misconfigurations. Public sources indicate the affected software is Global Gallery...
CVE-2025-52721 WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3...
PT-2025-33208 · Unknown · Lcweb Global Gallery
Name of the Vulnerable Software and Affected Versions: LCweb Global Gallery versions n/d through 9.2.3. Description: A missing authorization flaw in LCweb Global Gallery allows exploitation due to incorrectly configured access control security levels. Recommendations: At the moment, there is no...
CVE-2024-45739
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level...
PT-2024-7156 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1; Splunk Enterprise version 9.2.0 through 9.2.3; Splunk Cloud Platform versions prior to 9.2.2403.103; Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110; Splunk Cloud Platform version...
CVE-2024-31309 Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.max_continuation_frames_per_minute to limit the number of CONTINUATION frames...
CVE-2023-49337
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. 8.5 and earlier are unaffected...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is an open source team-oriented content management system from PortlandLabs, Inc. A security vulnerability exists in Concrete prior to version 9.2.3, which stems from a cross-site request forgery attack via ccm/calendar/dialogs/event/delete/submit...
CVE-2023-39456
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...
CVE-2023-41752 Apache Traffic Server: s3_auth plugin problem with hash calculation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue...
PT-2023-26958 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.0.0 through 9.2.2. Description: The issue is related to an Improper Input Validation vulnerability in Apache Traffic Server, specifically with malformed HTTP/2 frames. Users are recommended to upgrade to a fixe...
CVE-2022-45103
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system...
JettyWebServer 9.2.3-9.2.8 shared-buffer information disclosure vulnerability
No description provided by source...
PostgreSQL Denial of Service Vulnerability - Windows
PostgreSQL is prone to a denial of service vulnerability. (SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; CPE = "cpe:/a:postgresql:postgresql")...