PT-2026-47051
Name of the Vulnerable Software and Affected Versions: OpenXDMoD versions prior to 11.0.3. Description: An authenticated attacker can inject malicious JavaScript into their user profile and abuse the password reset functionality to send a link to an HTML page. When a victim visits this page, the...
CVE-2026-25742
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments originating from web-public...
CVE-2026-2072
Cross-Site Scripting vulnerability in the Hitachi Infrastructure Analytics Advisor Analytics probe component and Hitachi Ops Center Analyzer. This issue affects Hitachi Infrastructure Analytics Advisor: ; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-33855
CVE-2026-33855 describes an Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7, affecting Android-ImageMagick7 prior to 7.1.2-11. The Red Hat and EU/NVD/NIST entries corroborate the issue. The vulnerability’s impact is noted as HIGH for availability (per NVD CVSS3.1) with a LOCA...
jsrsasign Security Vulnerability
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of encryption steps in the DSA signature implementation, which could lead to the exposure of private key...
Directus Security Vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...
Directus Security Vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from field-level permissions not being properly cleared when deleting fields, which could lea...
CVE-2025-61115
ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...
CVE-2025-9313 Unauthorized database access in Asseco mMedica
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...
CVE-2025-57791
CVE-2025-57791 is an argument-injection vulnerability in Commvault components, enabling remote injection/manipulation of command-line arguments due to insufficient input validation. Exploitation can yield a valid session for a low-privilege user, and is part of an exploit chain including CVE-2025...
EUVD-2025-25256
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution...
CVE-2023-3652
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11...
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter, which is visible to all end users in configuration files. This would give sensitive...
CVE-2022-23233
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which, when successfully exploited, could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
Cisco Data Center Network Manager SQL Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...
McAfee Data Loss Prevention Endpoint for Mac Credential Protection Vulnerability
McAfee Data Loss Prevention Endpoint (DLPe) is an integrated endpoint data protection solution from McAfee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transmission, shared endpoint data flow control and data...
CVE-2020-7301
Cross-site scripting vulnerability in the McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section...
Apple Xcode ld64 Component Arbitrary Code Execution Vulnerability
Apple Xcode is a set of integrated development environments (IDEs) provided to developers by Apple, Inc. that are used to develop applications for Mac OS X and iOS. ld64 is one of the Apple toolchain linking programs. An arbitrary code execution vulnerability exists in the ld64 component of Apple...