223 matches found
CVE-2026-30769
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests...
CVE-2026-35548
An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox...
GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF
Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
CVE-2026-3902
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
UBUNTU-CVE-2026-33033
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
REDAXO 跨站请求伪造漏洞
REDAXO is an open-source content management system developed by REDAXO. Version 5.2 of Redaxo contains a cross-site request forgeing vulnerability. This vulnerability is due to a susceptibility to cross-site request forgery attacks, which may allow unauthorized attackers to create administrative...
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
EUVD-2026-17265
baserCMS has OS command injection vulnerability in installer...
GHSA-6HPG-8RX3-CWGV baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...
EUVD-2026-17259
baserCMS Update Functionality Vulnerable to OS Command Injection...
CVE-2026-32734
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...
CVE-2026-30879 baserCMS: Cross-site scripting vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-30879
Summary: CVE-2026-30879 affects baserCMS prior to version 5.2.3, where a cross-site scripting (XSS) vulnerability in blog posts could be exploited. The issue is resolved by updating to version 5.2.3. Affected software: baserCMS (website development framework). Vulnerability details (from connecte...
CVE-2026-30877 baserCMS: OS Command Injection in the baserCMS Update Functionality
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-30877
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
PT-2026-29153
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...
EUVD-2026-12914
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...
CVE-2025-14604
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...