30 matches found
PT-2026-29530
Multiple stored cross-site scripting (XSS) vulnerabilities in the submit add user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
HYPR Server Security Vulnerability
HYPR Server is a server owned by HYPR Corporation. Versions of HYPR Server prior to 10.7 contained security vulnerabilities. These vulnerabilities were caused by improper permission allocation, which could lead to unauthorized privilege escalation...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
DDSN Interactive Acora CMS Security Vulnerability
DDSN Interactive Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive Acora CMS version v10.7.1, which stems from the use of static tokens for the password reset feature, which could lead to account takeover via replay attacks...
PT-2026-2277
Name of the Vulnerable Software and Affected Versions: DDSN Interactive Acora CMS version 10.7.1. Description: A static password reset token used in the password reset function allows attackers to reset user passwords and take over accounts through replay attacks. The vulnerable function is the...
CVE-2025-63005 WordPress WordPress Tooltips plugin <= 10.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips (wordpress-tooltips) allows Stored XSS. This issue affects WordPress Tooltips: from n/a through <= 10.9.3...
SUSE-SU-2025:21233-1 Security update for qemu
This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234:...
CVE-2024-39658
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection. This issue affects Salon booking system: from n/a through 10.7...
WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Plugin Salon booking system (versions <= 10.7)...
mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc...
ClassLink Cross-Site Scripting Vulnerability
ClassLink is a provider of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension version 10.7 that stems fro...
mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args...
UBUNTU-CVE-2022-32085
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor...
MariaDB SQL Injection Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 that allows an attacker to cause a denial of service (DoS) via a specially crafted SQ...
MariaDB SQL Injection Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which can be exploited by an attacker to cause a denial of service (DoS) via a...
Software AG MashZone NextGen Code Issue Vulnerability
Software AG MashZone NextGen is a software from Software AG, Germany. It is used to visualize data interactively. A security vulnerability exists in Software AG MashZone NextGen version 10.7 and earlier versions, which stems from the "Register an Ehcache Configuration File" administrative feature...
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
A flaw was found in MariaDB. An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of the MariaDB Server v10.7 allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, impacting availability...
Symantec Messaging Gateway Authorization Issues Vulnerability
Symantec Messaging Gateway is a suite of spam filters from Symantec USA. The product features anti-spam, anti-virus, advanced content filtering, and data leakage protection. An authorization issue vulnerability exists in Symantec Messaging Gateway prior to version 10.7.4. The vulnerability arises...
McAfee Endpoint Security Cross-Site Scripting Vulnerability
McAfee Endpoint Security (ENS) is a framework from McAfee, a United States company, for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle, including real-time communications control and actionable threat forensics....