22 matches found
Astra Linux – Vulnerability in editorconfig-core
There is a stack buffer overflow issue in the ecglob function of editorconfig-core-c before version 0.12.6. This vulnerability allows an attacker to write arbitrary data to the stack, potentially leading to remote code execution. Editorconfig-core-c version 0.12.6 has addressed this vulnerability...
PT-2026-44040
Name of the Vulnerable Software and Affected Versions: Raynet rvia versions prior to 12.6 Update 8 Description: Command injection occurs when the software performs a Java search using the find command. An adversary can execute arbitrary Java code by providing a crafted path that matches improperly...
CVE-2025-65088 Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
PT-2026-40430
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
CVE-2025-69599
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...
VulnCheck KEV: CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2024-54051
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction...
CVE-2024-43242
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6...
WordPress plugin Ultimate Membership Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-7361 · WordPress · Ultimate Membership Pro
Name of the Vulnerable Software and Affected Versions: Ultimate Membership Pro versions through 12.6 Description: The issue is related to improper privilege management in the Ultimate Membership Pro plugin for WordPress, which can allow an attacker to escalate their privileges. Recommendations: F...
Securepoint Unified Threat Management Security Vulnerability
Securepoint Unified Threat Management (Securepoint UTM) is a unified threat management product from Securepoint, Germany. A security vulnerability exists in Securepoint Unified Threat Management versions prior to 12.6.5 that stems from incorrectly handling OTP code...
CVE-2022-43256
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php...
CVE-2022-2497
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...
PT-2021-14911 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 and later Description: An issue has been discovered affecting GitLab CE/EE, where under a special condition, it was possible for an anonymous user to access data of an internal repository through a public project...
GitLab Security Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE affecting a...
PT-2020-13088 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9 Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...
GitLab Unauthorized Access Vulnerability (CNVD-2020-03230)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
CA Identity Governance Cross-Site Scripting Vulnerability
CA Identity Governance is a suite of identification and management solutions from CA USA. A cross-site scripting vulnerability exists in CA Identity Governance version 12.6. A remote attacker could exploit the vulnerability to display HTML or execute scripts in the context of other users...