18 matches found
EUVD-2026-36832
Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...
CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:1964-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1964-1 advisory. This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle...
WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability
WordPress Online Scheduling and Appointment Booking System - Bookly plugin = 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability discovered by Youssef Elouaer in WordPress Plugin Bookly versions = 27.0...
CVE-2026-35165
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...
PT-2025-50736
Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory version 20.7 Build 2555 Description A Use After Free issue exists in AzeoTech DAQFactory release 20.7 Build 2555. Exploitation of this issue, through the parsing of specially crafted .ctl files, can lead to memory corruptio...
CVE-2025-11254 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...
EUVD-2025-31660
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-8746
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function strstrsse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...
IBM Spss Statistics 加密问题漏洞
IBM Spss Statistics is a software package from International Business Machines IBM, Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
Tiki 安全漏洞
Tiki is a suite of open source content management and portal applications from the Tiki community that can be used to create web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 27.0 and earlier, which originates from a user with...
CVE-2022-35962 Crafted link in Zulip message can cause disclosure of credentials
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...
CVE-2022-27930
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed...
Pexip Infinity 输入验证错误漏洞
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...
Unauthorized Access Vulnerability in Gallery 27.0, Qixing Image Library (CNVD-2020-00193)
Qixing Image GalleryGallery is mainly used to store images or videos in the company. An unauthorized access vulnerability exists in Qixing Image Library Gallery 27.0, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in the Backend Us***_Ro***.aspx File of Qixing Image & Video Library Gallery v27.0
Qixing Image & Video GalleryGallery is mainly used to store images or videos in the company. A SQL injection vulnerability exists in the backend UsRo.aspx file of Qixing Image & Video Gallery v27.0, which can be exploited by an attacker to obtain sensitive information from the database...
Pivotal Cloud Foundry MariaDB audit_plugin component information disclosure vulnerability
Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. in the United States. cf-mysql-release is one of the releases. mariaDB auditplugin is one of the plugins that allows operators to enable audit trails and logging sent to SQL...