18 matches found
Hitachi Virtual Storage Platform One Block 操作系统命令注入漏洞
Hitachi Virtual Storage Platform One Block is a high-performance block storage system device developed by Hitachi, Ltd. Versions 23, 24, 26, and 28 of Hitachi Virtual Storage Platform One Block contain vulnerabilities related to operating system command injection. These vulnerabilities stem from ...
CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
CVE-2024-9432
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...
CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...
PT-2026-3623
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-30751
Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromis...
SUSE CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
CVE-2024-49824
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation...
Oracle Application Express 安全漏洞
Oracle Application Express is a low-code development platform from Oracle Corporation USA. A security vulnerability exists in Oracle Application Express versions 23.2 and 24.1. An attacker could exploit the vulnerability to update, insert, or delete accessible data...
Relyum RELY-PCIe 安全漏洞
The Relyum RELY-PCIe is an intelligent pluggable board from the Spanish company Relyum. A security vulnerability exists in Relyum RELY-PCIe versions v22.2.1 through v23.1.0, which stems from a command injection vulnerability contained in the timedate function...
PT-2024-5561 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S1-EVO Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO Description: An issue in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access ...
Microsoft Windows Compressed Folder Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in the Microsoft Windows Compressed Folder. The following products and versions are affected: Windows 11 Version 22H2 for ARM64-based Systems,Windows 11...
CVE-2023-47056
Adobe Premiere Pro version 24.0 and earlier and 23.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
Adobe Audition 安全漏洞
Adobe Audition is a set of multi-track editing tools from the American company Audobee Adobe. The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. A heap buffer overflow vulnerability exists in Adobe Auditi...
Mobileiron Sentry 安全漏洞
Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A security vulnerability exists in Sentry versions 23.6.0 through 23.6.2 and earlier, which stems from the Sentry API returning an incorrect HTTP header if the request header ends in system.base-hostname...
flash-plugin: multiple code execution issues fixed in APSB16-37
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...