9 matches found
VMware Spring Foundation Security Vulnerability
VMware Spring Foundation is an application development framework provided by the American company VMware, which offers enterprise-level infrastructure support for application development. There are security vulnerabilities in VMware Spring Foundation versions 7.0.5 and earlier, 6.2.16 and earlier...
CVE-2026-24613 WordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6...
Duende IdentityServer Security Vulnerability
Duende IdentityServer is an open source, standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core from Duende. A security vulnerability exists in Duende IdentityServer that stems from certain functions that incorrectly treat maliciously constructed URLs as local and trusted. An...
CVE-2024-32664
CVE-2024-32664 affects Suricata before 7.0.5 and 6.0.19, where specially crafted traffic or datasets can cause a limited buffer overflow. The vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include avoiding rules with the base64_decode keyword (bytes option 1, 2, or 5) and, for 7.0.x, set...
CVE-2024-24872
Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through 7.0.5...
PT-2024-20628 · Themify · Themify Builder
Name of the Vulnerable Software and Affected Versions: Themify Builder versions through 7.0.5. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the...
Fortinet FortiMail Cross-Site Scripting Vulnerability
Fortinet FortiMail is an e-mail security gateway product from the U.S. company Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail that stems from improper neutralization of input during web page...
CVE-2022-29053
A missing cryptographic steps vulnerability (CWE-325) in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...
TIBCO Data Virtualization Command Injection Vulnerability
TIBCO Data Virtualization (formerly known as Cisco Information Server) is a Java-based information server from the U.S. company TIBCO Software, Inc. that forms the basis of the data virtualization suite Cisco Data Virtualization Suite. Version control adapters is one of the version control adapters...