CVE-2020-37098

Disk Sorter Enterprise 12.4.16 is affected by an unquoted service path vulnerability that can allow local attackers to execute arbitrary code with LocalSystem privileges by exploiting the unquoted path in the service configuration. The CVE description and multiple connected sources confirm the vu...

Incorrect Authorization

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...

CVE-2025-6242 vulnerabilities

Vulnerabilities for packages: py3-vllm-cuda-12.4, tritonserver-backend-vllm-cuda-12.9...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...

CVE-2024-4892

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissio...

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.0 and earlier, which stems from an inability to validate the mail parameter of createAction, resulting in insecure direct object...

WordPress plugin BuddyPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 12.4. An attacker exploited the vulnerability to execute a cross-site scripting attack...

PT-2023-23584 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 12.4 Description: A command injection issue exists in WWBN AVideo, allowing Remote Code Execution when the CloneSite Plugin is used. This issue is related to the plugin/CloneSite/cloneClient.json.php endpoint. It...

PT-2023-23017 · Avideo · Avideo

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 12.4 Description: The issue arises from the failure to properly sanitize malicious characters when creating a Meeting Room in AVideo, allowing an attacker to insert malicious scripts. This can lead to cookie hijacking...

CVE-2023-26410

Adobe Substance 3D Designer version 12.4.0 and earlier is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Substance 3D Designer 资源管理错误漏洞

Adobe Substance 3D Designer is a 3D design software from Adobe. A resource management error vulnerability exists in Adobe Substance 3D Designer version 12.4.0 and prior versions, which stems from a post-release reuse vulnerability that could lead to the execution of arbitrary code in the current...

GitLab has an unspecified vulnerability (CNVD-2019-42893)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in version 12.4 of GitLab...

Cisco IOS and IOS XE Denial of Service Vulnerability (CNVD-2016-04937)

Cisco IOS and IOS XE Software are both operating systems developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS versions 12.4 and 15.0 through 15.5 and IOS XE versions 3.13 through 3.17. A remote attacker could exploit this vulnerability to cause a denial of...

BlackBerry Enterprise Service Cross-Site Scripting Vulnerability

BlackBerry Enterprise Server BES is a wireless solution from BlackBerry Canada. A cross-site scripting vulnerability exists in BES 12.4 and earlier versions, which can be exploited by an attacker to inject arbitrary Web script or HTML...