16 matches found
CVE-2026-44473
CVE-2026-44473 affects Ella Core (5G core for private networks). Before v1.10.0, a radio with a valid NG Setup could send a forged PDUSessionResourceSetupResponse containing another UE’s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE’s NG-co...
PT-2026-36126
Weaver Fanwei E-office versions prior to 10.0 20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
CVE-2025-34401
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
...
BIT-MARIADB-MIN-2022-31621
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the...
PT-2024-13551 · Atos · Atos Unify Openscape Voice
Name of the Vulnerable Software and Affected Versions: Atos Unify OpenScape Voice versions prior to V10R3.26.1 Description: A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice allows a remote attacker to view the contents of arbitrary files in the local...
CVE-2022-44612
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2023-28759
An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...
PT-2023-21942 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0 Description: A vulnerability exists in the way the client validates the path to a DLL prior to loading, which may allow a lower-level user to elevate privileges and compromise the system...
SUSE CVE-2011-0560
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578,...
Technitium DNS Server Security Vulnerability
Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in versions of Technitium DNS Server prior to 10.0, which stems from a loop occurring in its...
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
Intel Chipset Device Software Elevation of Privilege Vulnerability
Intel Chipset Device Software is a chipset firmware update utility from Intel Corporation (USA). A security vulnerability exists in the installer in Intel Chipset Device Software INF Update Utility versions prior to 10.1.1.45. A local attacker can exploit the vulnerability to elevate privileges...
Unspecified vulnerability in Joyent Node.js (CNVD-2019-42560)
Joyent Node.js is a web application platform from the US company Joyent, built on top of the Google V8 JavaScript engine. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
CVE-2016-4772
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors...
flash-plugin: multiple code execution flaws (APSB11-02)
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578,...