25 matches found
EUVD-2026-30543
ws: Uninitialized memory disclosure...
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to...
iNetTools 安全漏洞
iNetTools is a network diagnosis and testing tool developed by iNetTools Corporation. Version 8.20 of iNetTools contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the Whois function, which could allow attackers to cause the application to crash b...
CVE-2026-2206
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...
CVE-2026-2208
A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...
CVE-2026-2207
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...
WeKan 访问控制错误漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a access control vulnerability. This vulnerability stemmed from improper handling of the file server/publications/activities.js component in the Activity Publication Handler, which could le...
CVE-2026-25859
Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...
CVE-2026-1963
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The pat...
PT-2026-6934
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 8.20 Description Insufficient permission checks in Wekan allow non-administrative users to access migration functionality, potentially leading to unauthorized migration operations. Recommendations Update Wekan to versio...
CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
PT-2026-6633
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A flaw exists in WeKan up to version 8.20 related to improper access controls within the REST Endpoint component. The issue resides in an unknown function of the models/boards.js file. Remote exploitati...
CVE-2026-1896 WeKan Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration MigrationBleed access control
A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the component Migration Operation Handler. The manipulation of the argument boardId leads to improper acce...
CVE-2026-1895
CVE-2026-1895 affects WeKan up to version 8.20, specifically the Attachment Storage Handler’s file models/lists.js , function applyWipLimit . The vulnerability arises from a manipulation that can lead to improper access controls and can be exploited remotely. The advisory states that upgrading to...
CVE-2025-14580
A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the...
CVE-2025-13792
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
CVE-2023-28400
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...
mysql: Server: Options unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
PT-2022-22387 · Abb · Abb Zenon
Name of the Vulnerable Software and Affected Versions: ABB Zenon version 8.20 Description: The issue allows an attacker to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user. Recommendations: For ABB...
CVE-2022-21334
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...