18 matches found
libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak
The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...
CVE-2026-53663
React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...
EUVD-2026-38338
React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
PYSEC-2026-74
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
Keylime 安全漏洞
Keylime is an open-source scalable trust system developed using TPM technology. Versions of Keylime 7.12.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of client-side TLS authentication, which may allow unverified clients to execute...
EUVD-2025-35236
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
UBUNTU-CVE-2025-59147
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers with...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...
WordPress plugin Abandoned Cart Lite for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
SuiteCRM 安全漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.9. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...
PT-2022-7697 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.12.7 Description: A problem was discovered in SuiteCRM where authenticated users can recover an arbitrary field from a database. The issue is related to shortcomings in the authentication procedure, which can be exploited b...
SuiteCRM 安全漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM version 7.12.7, which stems from the ability of an authenticated user to recover arbitrary fields in the database...
Atlassian Confluence Server 安全漏洞
Atlassian Confluence Server is the server version of a suite of collaboration software from Atlassian Australia with enterprise knowledge management capabilities and support for building enterprise WiKi. A security vulnerability exists in Atlassian Confluence Server that allows remote attackers t...
Elasticsearch Logstash 信任管理问题漏洞
Elasticsearch Logstash is a suite of log analysis and monitoring tools from the Dutch company Elasticsearch. A security vulnerability exists in Logstash. The vulnerability stems from a TLS certificate validation vulnerability in the program's monitoring feature, which could allow a...
GitLab Authorization Issues Vulnerability (CNVD-2020-63398)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. A security...
Citrix Provisioning Services Information Disclosure Vulnerability
Citrix Provisioning Services enables the creation of a set of images that use streaming technology to transport physical and virtual servers, reducing storage requirements and enabling fast, consistent and reliable application deployment. An information disclosure vulnerability exists in Citrix...
CVE-2016-9680
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors...