CVE-2025-7002
CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...
CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...
Astra Linux - vulnerability in vim
Use After Free in the GitHub repository vim/vim before version 8.2...
CVE-2026-21024
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...
Astra Linux – Vulnerability in curl
There is an authentication bypass vulnerability in libcurl version 8.0.0, particularly in the FTP connection reuse feature. This vulnerability can cause incorrect credentials to be used during subsequent transfers. Previously created connections are retained in a connection pool for reuse if they...
CVE-2026-27811
CVE-2026-27811 affects the Roxy-WI web interface. Prior to version 8.2.6.3, a command injection exists in the /config/compare///show endpoint. The root cause is in app/modules/config/config.py on line 362, where user input is directly formatted into a template string that is eventually executed, ...
CVE-2026-25929 OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s patientpicture context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access...
CVE-2026-25127 OpenEMR has Broken Access Control on Care Coordination Module
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue...
Intel Processor Identification Utility code issue vulnerability
Intel Processor Identification Utility is a processor identification utility from Intel Corporation USA. The program supports the display of graphics information, chipset information, processor supported technologies, and other information. A code issue vulnerability exists in Intel Processor...
CVE-2025-30479
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system...
CVE-2025-45379
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...
Dell CloudLink operating system command injection vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
JLSEC-2025-32 A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handle...
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
CVE-2025-46257 WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery. This issue affects Element Pack Pro: from n/a before 8.0.0...
CVE-2023-3075
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8...
CVE-2019-15650
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...
AZL-77493 CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-50391 CVE-2024-21198 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...
PHP environment issue vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.30, 8.2.24, and 8.3.12, which stems from a flaw in the parsing of the data content of multi-part forms, which could result in legitimate data being left unprocessed,...
Visual Planning Admin Center security vulnerability
Visual Planning Admin Center is a cloud-based resource management and scheduling software from Visual Planning. A security vulnerability exists in versions prior to Visual Planning Admin Center 8 Build 240207 that stems from insufficient access checking. An attacker could exploit the vulnerabilit...