CVE-2026-9245
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects: Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...
CVE-2026-4670 Improper Authentication vulnerability in Progress MOVEit Automation
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...
CVE-2026-4670
MOVEit Automation (Progress Software) is affected by two CVEs. CVE-2026-4670 is an authentication bypass due to a primary weakness impacting MOVEit Automation releases older than 2025.0.9, 2024.1.x, and 2024.0.x series; CVSSv3.1 is 9.8 (Network, required none, user interaction none, confidentiali...
Hostbill Cross-Site Scripting Vulnerability
Hostbill is an automated management system for server hosting and cloud services provided by the Polish company Hostbill. The versions of Hostbill 2025-11-24 and 2025-12-01 contain cross-site scripting vulnerabilities. These vulnerabilities stem from cross-site scripting issues, which may allow...
PT-2026-34884
CVE-2026-31051 An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component https://t.co/UMnQEPtGP9...
CVE-2026-31050
Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code...
CVE-2026-31051
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component...
CVE-2026-31049
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field...
CVE-2026-3476
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...
CVE-2026-1335
SOLIDWORKS eDrawings (Desktop 2025–2026) is affected by CVE-2026-1335 due to an Out-Of-Bounds Write in the EPRT file reading procedure. The vulnerability could allow arbitrary code execution when opening a specially crafted EPRT file. The advisory reports a high-severity impact with CVSS 3.1 base...
PT-2026-4770
Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions 2025 through 2026 Description: An Out-Of-Bounds Write issue exists in the EPRT file reading process of SOLIDWORKS eDrawings. This could allow an attacker to execute arbitrary code by opening a specially crafted EPR...
CVE-2025-64463
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2025-64462 Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-64461
NI LabVIEW is affected by an out-of-bounds write in mgocre_SH_25_3!RevBL() when opening a corrupted VI file, impacting 2025 Q3 (25.3) and earlier. Exploitation requires a user to open a crafted VI and can lead to information disclosure or arbitrary code execution. A patch/update to a version late...
PT-2025-52243
Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q3 25.3 Description: A stack-based buffer overflow exists in the LVResFile::FindRsrcListEntry function when parsing a corrupted VI file. Successful exploitation requires a user to open a specially crafted VI,...
PT-2025-44363
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-54548 Description: Restricted users could view sensitive portions of the config database via a debug API. Specifically, user password hashes were exposed. The API endpoint used for this exposure is a debug API...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-34298 · Liferay · Liferay Dxp
Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery (SSRF) vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...
CVE-2025-43750
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via th...