75 matches found

Vulnrichment
added 2026/04/27 12:0 a.m., 1 views

CVE-2024-46636

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

AI score: 5.6, EPSS: 0.0004
Exploits: 1, References: 3

EUVD
added 2026/04/07 6:17 p.m., 5 views

EUVD-2026-19855

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS: 4.6, AI score: 6, EPSS: 0.00056
Exploits: 0, References: 1

CVE
added 2026/03/23 10:58 p.m., 10 views

CVE-2026-33167

CVE-2026-33167 is related to a Rails XSS in Action Pack debug exceptions. Affected component: Rails Action Pack debug exceptions page when detailed exception pages are enabled (config.consider_all_requests_local = true). Root cause: exception messages are not properly escaped, allowing injection ...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00022
Exploits: 0, References: 3

CVE
added 2026/03/21 12:47 p.m., 4 views

CVE-2019-25562

JetAudio 8.1.7 is affected by a local-denial-of-service via a buffer overflow in the video converter’s File Naming field. A 512-byte malicious buffer pasted into File Naming and triggered by clicking Preview crashes the application. Root cause: buffer overflow in the File Naming parameter. Affect...

CVSS: 6.8, AI score: 6.1, EPSS: 0.00027
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2026/03/01 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

CVSS: 5.8, AI score: 6, EPSS: 0.00663
Exploits: 1, References: 3

Cvelist
added 2026/02/20 3:46 p.m., 21 views

CVE-2025-68501 WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS. This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1...

CVSS: 7.1, EPSS: 0.00045
Exploits: 0, References: 1

Positive Technologies
added 2026/02/20 12:0 a.m., 2 views

PT-2026-21087

Name of the Vulnerable Software and Affected Versions: Mollie Payments for WooCommerce versions through 8.1.1. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting condition. The issue allows for the...

AI score: 5.3, EPSS: 0.00045
Exploits: 0, References: 3

CVE
added 2026/01/23 2:29 p.m., 12 views

CVE-2026-24630

CVE-2026-24630 is a Stored XSS in WordPress Stylish Cost Calculator plugin (

CVSS: 6.5, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/22 4:51 p.m., 1 views

CVE-2025-67944

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through = 8.1.8...

CVSS: 9.1, AI score: 5.3, EPSS: 0.00085
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/12/30 5:57 p.m., 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling in Grafana (CVE-2025-22871)

Summary: Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Golang via Grafana. CVE-2025-22871. Vulnerability Details: CVEID: CVE-2025-22871. DESCRIPTION: The net/http package improperly accepts a bare LF as a line...

CVSS: 9.1, AI score: 6.6, EPSS: 0.00294
Exploits: 0, Affected Software: 1

CNNVD
added 2025/12/27 12:0 a.m., 2 views

PHP security vulnerability

PHP is a scripting language executed server-side by PHP Open Source. A security vulnerability exists in PHP versions prior to 8.1.34, 8.2.30, 8.3.29, 8.4.16, and 8.5.1, which stems from the getimagesize function in multi-block mode that may leak uninitialized heap memory, potentially leading to...

CVSS: 7.5, AI score: 6, EPSS: 0.00022
Exploits: 3, References: 3

CNNVD
added 2025/12/16 12:0 a.m., 1 views

CTERA Portal security vulnerability

CTERA Portal is an enterprise-grade cloud data management platform from CTERA. A security vulnerability exists in Ctera Portal version 8.1.x, which stems from improper handling of HTML files and could lead to server-side request forgery...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00058
Exploits: 0, References: 2

CNNVD
added 2025/12/15 12:0 a.m., 1 views

IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy code issue vulnerability

IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy are both products of International Business Machines (IBM). IBM UrbanCode Deploy is a suite of application automation deployment tools. The tool is based on an application deployment automation management information model, and through remote agent...

CVSS: 5, AI score: 6.6, EPSS: 0.00031
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/12/12 8:42 p.m., 5 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information (CVE-2025-13489)

Summary: Certain versions of the IBM DevOps Deploy include a configuration file that does not enforce redirecting HTTP traffic to HTTPS as intended. CVE-2025-13489. Vulnerability Details: CVEID: CVE-2025-13489. DESCRIPTION: IBM DevOps Deploy transmits data in clear text that could allow an attacker to...

CVSS: 5.9, AI score: 6.2, EPSS: 0.00013
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/12/05 1:43 p.m., 4 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang net library

Summary: Golang net library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang net is vulnerable to IPv6 zone ID mishandling leading to proxy bypass. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-22870. Vulnerability Details...

CVSS: 4.4, AI score: 6.6, EPSS: 0.00032
Exploits: 2, Affected Software: 1

NVD
added 2025/11/05 5:15 p.m., 1 views

CVE-2025-46364

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system...

CVSS: 9.1, EPSS: 0.00061
Exploits: 0, References: 1

Vulnrichment
added 2025/10/28 8:40 p.m., 2 views

CVE-2025-43017 HP ThinPro 8.1 SP8 Security Updates

HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities...

CVSS: 8.5, AI score: 6.8, EPSS: 0.00051
Exploits: 0, References: 1

CNNVD
added 2025/10/28 12:0 a.m., 2 views

HP ThinPro security vulnerability

HP ThinPro is a Linux-based operating system from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP ThinPro version 8.1, which stems from a failure to validate a user's true identity...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00051
Exploits: 0, References: 2

Positive Technologies
added 2025/10/03 12:0 a.m., 2 views

PT-2025-40486

Name of the Vulnerable Software and Affected Versions: Wp cycle text announcement plugin for WordPress versions through 8.1. Description: The Wp cycle text announcement plugin for WordPress is susceptible to SQL Injection through the 'cycle-text' shortcode. Insufficient escaping of user-supplied...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00033
Exploits: 0, References: 4

Tenable Nessus
added 2025/09/29 12:0 a.m., 3 views

GE UR family Insecure Default Variable Initialization (CVE-2021-27426)

GE UR IED firmware versions prior to version 8.1x with Basic security variant do not allow the disabling of the Factory Mode, which is used for servicing the IED by a Factory user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS: 9.8, AI score: 7.3, EPSS: 0.0029
Exploits: 0, References: 3