
22 matches found

CNNVD
added 2026/04/20 12:0 a.m. · 7 views

Amazon AWS Encryption SDK Security Vulnerability

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

5.7 CVSS · 5.8 AI score · 0.00005 EPSS
Exploits: 0 · References: 1
CVE
added 2026/02/03 7:23 p.m. · 17 views

CVE-2025-62603

Fast DDS (DDS security) CVE-2025-62603 arises from the CDR parser deserializing the entire DataHolderSeq in ParticipantGenericMessage, allowing an out-of-memory condition and remote termination. Affected versions prior to the patch (3.4.1, 3.3.1, 2.6.11) are addressed by the vendor, and remediati...

7.5 CVSS · 5.5 AI score · 0.00054 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2025/12/09 10:16 p.m. · 1 views

CVE-2025-66645

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the app.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5 CVSS · 0.00755 EPSS
Exploits: 1 · References: 2
OSV
added 2025/12/09 9:41 p.m. · 3 views

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the app.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5 CVSS · 6.8 AI score · 0.00755 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/12/09 12:0 a.m. · 3 views

PT-2025-49682

Name of the Vulnerable Software and Affected Versions: NiceGUI versions 3.3.1 and below Description: NiceGUI, a Python-based UI framework, has an issue where the ui.interactive_image component can be exploited for cross-site scripting (XSS). The component renders Scalable Vector Graphics (SVG) content...

6.1 CVSS · 5.9 AI score · 0.0001 EPSS
Exploits: 2 · References: 6
GitLab Advisory Database
added 2025/12/04 12:0 a.m. · 4 views

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1 CVSS · 7 AI score · 0.00177 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/11/21 12:0 a.m. · 3 views

PT-2025-47663

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm settings empty trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3 CVSS · 5.1 AI score · 0.00036 EPSS
Exploits: 0 · References: 3
CVE
added 2025/10/23 4:15 p.m. · 14 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. A pre-authentication remote code execution (RCE) vulnerability exists in development mode for versions from 3.2.0 up to, but not including, 3.3.2; production deployments are unaffected. The issue allows code execution via development-mode behaviors, and has been fixed in ve...

9.2 CVSS · 7.7 AI score · 0.00906 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/09/08 10:32 p.m. · 9 views

CVE-2025-10110 ChanCMS search SQL injection

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

6.5 CVSS · 0.00073 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/08/26 12:0 a.m. · 5 views

PT-2024-30776 · Unknown · Zephyr Project Manager

Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager versions 3.3.1 through 3.3.102 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in the Zephyr Project Manager. This vulnerability allows for unauthorized access...

7.1 CVSS · 6.3 AI score · 0.00117 EPSS
Exploits: 0 · References: 6
CNNVD
added 2024/01/03 12:0 a.m. · 2 views

CubeFS Log Information Disclosure Vulnerability

CubeFS is a cloud-native file storage system from the CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...

6.5 CVSS · 6.2 AI score · 0.00046 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/11/16 12:0 a.m. · 2 views

Apache Hadoop Code Issue Vulnerability

Apache Hadoop is an open source distributed systems infrastructure from the U.S.-based Apache Foundation. It is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, and high fault tolerance. A security vulnerability exists in...

7.5 CVSS · 6.7 AI score · 0.10169 EPSS
Exploits: 0 · References: 8
CNNVD
added 2023/03/27 12:0 a.m. · 1 views

WordPress theme Real Estate Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Real Estate 7 version 3.3.1 an...

7.1 CVSS · 6.9 AI score · 0.00287 EPSS
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 3:36 a.m. · 2 views

SUSE CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

5.9 CVSS · 7 AI score · 0.00217 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/07/13 12:0 a.m. · 2 views

PT-2022-7154 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4 Description: The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability ...

7.7 CVSS · 9 AI score · 0.10169 EPSS
Exploits: 0 · References: 14
CNNVD
added 2021/07/07 12:0 a.m. · 2 views

QSAN Storage Manager Link Following Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated (QSAN). An absolute path traversal vulnerability exists in FileviewDoc in QSAN Storage Manager 3.3.1 and earlier versions. An attacker can exploit this vulnerability by injecting symbolic links to access arbitrar...

6.5 CVSS · 5.9 AI score · 0.00235 EPSS
Exploits: 0 · References: 1
CNNVD
added 2021/07/07 12:0 a.m. · 2 views

QSAN Storage Manager OS Command Injection Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated (QSAN). A command injection vulnerability exists in QSAN Storage Manager 3.3.1 and earlier versions. The vulnerability stems from QuickInstall failing to properly filter special parameters. A remote,...

9.8 CVSS · 6.1 AI score · 0.01174 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/04/22 12:0 a.m. · 1 views

Evenroute IQrouter Operating System Command Injection Vulnerability

Evenroute IQrouter is a smart router from Evenroute USA. A remote code execution vulnerability exists in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. An attacker can exploit this vulnerability to gain root privileges...

9.8 CVSS · 8.3 AI score · 0.00719 EPSS
Exploits: 3 · References: 1
Positive Technologies
added 2020/04/21 12:0 a.m. · 3 views

PT-2020-12958 · Openwrt +1 · Openwrt +1

Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier Description: The issue allows remote attackers to control the device, enabling actions such as restarting the network, rebooting, upgrading, or resetting, due to incorrect access control. This issue is...

9.8 CVSS · 6.8 AI score · 0.00847 EPSS
Exploits: 3 · References: 8
Positive Technologies
added 2018/04/03 12:0 a.m. · 2 views

PT-2018-10222 · Coreos +3 · Etcd +3

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.1 and earlier Description: A cross-site request forgery flaw was found, allowing an attacker to set up a website that tries to send a POST request to the etcd server and modify a key. Since adding a key is done with PUT, it ...

8.8 CVSS · 6.4 AI score · 0.00486 EPSS
Exploits: 2 · References: 26