29 matches found
CVE-2026-57680
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
CVE-2025-12694
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...
CVE-2025-12694
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...
PT-2026-46182
Name of the Vulnerable Software and Affected Versions Forcepoint VPN Client versions prior to 6.11.4 Description A local privilege escalation issue in Forcepoint VPN Client for Windows allows a non-administrative user to gain SYSTEM privileges...
Traccar 代码问题漏洞
Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. Versions of...
PT-2026-21558
Name of the Vulnerable Software and Affected Versions Traccar versions up to and including 6.11.1 Description The Traccar GPS tracking system is affected by an issue where authenticated users with device creation or editing privileges can manipulate the uniqueId parameter to specify an absolute...
Traccar 安全漏洞
Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. Traccar...
EUVD-2025-30215
Malicious code in bioql PyPI...
EUVD-2025-27243
Malicious code in bioql PyPI...
CVE-2025-10095
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated...
CVE-2025-10095
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated...
CVE-2025-10095 SQL injection in SMPP component of SMSEagle firmware
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated...
CVE-2025-10095 SQL injection in SMPP component of SMSEagle firmware
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated...
PT-2025-36721
Name of the Vulnerable Software and Affected Versions: SMSEagle versions prior to 6.11 Description: A SQL injection vulnerability exists in the SMPP server component of the SMSEagle firmware. The issue stems from improper sanitization of user input in the server's scripts during database...
php-jwt contains weak encryption
php-jwt v6.11.0 was discovered to contain weak encryption...
GHSA-2X45-7FC3-MXWQ php-jwt contains weak encryption
php-jwt v6.11.0 was discovered to contain weak encryption...
PHP-JWT 安全漏洞
PHP-JWT is a simple library open-sourced by Firebase for encoding and decoding JSON Web Tokens JWT in PHP, compliant with RFC 7519. A security vulnerability exists in PHP-JWT version v6.11.0 that stems from weak encryption...
CVE-2025-45769
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not...
CVE-2024-6725
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...
WordPress plugin Formidable Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...