14 matches found
CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
PT-2026-45861
Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...
CVE-2026-1246 ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
VulnCheck KEV: CVE-2024-4443
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-55089
Eclipse ThreadX FileX RAM disk driver (FileX) prior to version 6.4.2 contains a buffer overflow in the RAM disk path that can be triggered by crafted network packets via NetX Duo HTTP PUT handling. The overflow arises when the RAM-disk buffer is written without validating that the destination poi...
Eclipse ThreadX FileX 缓冲区错误漏洞
Eclipse ThreadX FileX is a high-performance, FAT-compatible file system from the Eclipse ThreadX open source. A buffer error vulnerability exists in Eclipse ThreadX FileX versions prior to 6.4.2, which stems from a buffer overflow in the FileX RAM disk driver that could lead to remote code...
CVE-2025-46047
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
DEBIAN-CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
AZL-53624 CVE-2024-52804 affecting package python-tornado 6.2.0-1
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
CVE-2023-47562
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 2023/12/15 and later...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
WordPress plugin Complianz 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...