43 matches found
CVE-2026-9552
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9552
CVE-2026-9552 affects Das Parking Management System 6.2.0, specifically the Search API Endpoint. The vulnerability is a SQL injection triggered by manipulating the Value parameter, allowing remote exploitation. Public exploits exist. The vendor was contacted but did not respond. No remediation de...
EUVD-2026-30692
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqxpersistentsessionds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to a race condition. The attack may be performed remotely. A high complexity level is...
EMQX Race Condition Vulnerability
EMQX is an MQTT message server provided by the EMQX company. Versions of EMQX 6.2.0 and earlier contained a race condition vulnerability. This vulnerability stemmed from unknown functions in the QoS 2 PUBLISH Packet Handler component, specifically the emqxpersistentsessionds.erl file. Attackers...
Assimp Resource Management Error Vulnerability
Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ConvertMeshMultiMaterial method in FBXConverter.cpp, and it could all...
fast-jwt Security Vulnerability
fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.2.0 contained security vulnerabilities. These vulnerabilities occurred when the allowedAud verification option used regular expressions, and if the aud claim controlled by the attacker trigger...
CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image-generation component served at the URI /og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...
CVE-2026-21944
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
PT-2026-1308
Name of the Vulnerable Software and Affected Versions: UniFi Protect Application versions 6.1.79 and earlier. Description: A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi...
redis:6 security update
6.2.20-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64; 6.2.20-1 - rebase to 6.2.20 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819...
MAL-2025-48458 Malicious code in src_plugin_index_ts (npm)
Source: ghsa-malware 396cc58d08775057aef35e59ad51a28c7379449f6f00332d193138ff8b9de09a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-3450
CVE-2025-3450 describes an Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime. Affected versions are before 6.3 and before Q4.93, where an unauthenticated, network-based attacker could delete data, leading to denial of service. The issue stems from resource lo...
AllStarLink Supermon Code Injection Vulnerability
AllStarLink Supermon is a web front-end management and monitoring tool from AllStarLink. A code injection vulnerability exists in AllStarLink Supermon 6.2 and earlier versions, which stems from unknown code in the AllMon2 component that could lead to a cross-site scripting attack...
zuluCrypt Security Vulnerability
zuluCrypt is an open source disk encryption front-end tool by the individual developer mhogomchungu. A security vulnerability exists in zuluCrypt 6.2.0-1 and earlier versions, which stems from an improperly set PolicyKit that could result in local user privileges being elevated to root...
Arbitrary Code Injection
Overview: org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...
CVE-2024-53426
A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function...
CVE-2023-48068
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via specadd.php...
CVE-2023-39675
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php...
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...