36 matches found
CVE-2026-8464 Path traversal in Neuron Soft Golem OEE MES
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...
CVE-2026-8464
CVE-2026-8464 : Golem OEE MES is affected by an unauthenticated path-traversal vulnerability that could allow an attacker in the same local network to read arbitrary files from the server by manipulating HTTP request paths. The issue is fixed in version 11.6.0. Affected product: Golem OEE MES; vu...
CVE-2026-26058
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...
CVE-2026-26058
Zulip (open-source team collaboration tool) is affected in versions 1.4.0 up to, but not including, 11.6. The vulnerability arises in the import path where ./manage.py import can read arbitrary server files due to path traversal in uploads/records.json. A crafted export tarball can cause the serv...
CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...
PT-2026-21362
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...
EUVD-2025-35901
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-61797
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...
CVE-2025-61796
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...
IBM InfoSphere Master Data Management 跨站脚本漏洞
IBM InfoSphere Master Data Management is a product information management software from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 that originates from stored cross-site scripting and coul...
PT-2024-13632 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting xss vulnerability exists in the function getOpenGraph videoName functionality. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us...
PT-2024-13424 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 15fed957fb Description: An information disclosure issue exists in the aVideoEncoder.json.php chunkFile path functionality. A specially crafted HTTP request can lead to arbitrary file read...
PT-2024-13523 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 11.6 WWBN AVideo dev master commit 15fed957fb Description: A cross-site scripting xss issue exists in the channelBody.php user name functionality. This allows arbitrary Javascript execution through a specially crafted HTTP...
CVE-2023-6071
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...
Recoverit Data Recovery Trust Management Issues Vulnerability
Recoverit Data Recovery is a data recovery tool from Recoverit. A security vulnerability exists in Recoverit Data Recovery version 11.6, which originated from a vulnerability that allows an attacker to achieve remote code execution via a man-in-the-middle attack...
PT-2023-26383 · Minitool · Minitool Power Data Recovery
Name of the Vulnerable Software and Affected Versions: MiniTool Power Data Recovery version 11.6 Description: The issue is related to an insecure installation process in MiniTool Power Data Recovery, which can be exploited through a man-in-the-middle attack, allowing attackers to achieve remote...
PT-2023-22225 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6 Description: A problematic issue affects the Picture Upload Handler component, specifically the file member.php, where the manipulation of the oldpic argument leads to denial of service. The attack can be initiated remotel...
PT-2023-16644 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 11.6 Description: A problematic issue was found in the Picture Management component, specifically affecting some unknown functionality of the file /data/config.ftp.php. This issue leads to deserialization and can be exploited...
Kiwi TCMS 安全漏洞
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS version 11.6 and prior versions, which stems from the fact that when a user registers for a new account or changes their password,...