PYSEC-2026-277 Apache Airflow Google Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
EUVD-2026-30777
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices. This issue affects MongoDB Server...
CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27
CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...
Studio Fabryka DobryCMS SQL injection vulnerability
Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 8.0 had a SQL injection vulnerability. This vulnerability stemmed from SQL injections in URL paths, which could lead to blind injection attacks...
OpenEMR cross-site scripting vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a cross-site...
CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2
CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2. A patched version of the package is available...
CVE-2026-25859
Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...
Turbo security vulnerabilities
Turbo is an open-source code development tool from Hotwire. Versions of Turbo prior to 8.0.x contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the turbo-frame element handler, which could lead to failed logouts and the reapplication of session cookies after a...
PT-2026-1042
Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions prior to 8.0. Description: A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...
Snipe-IT security vulnerability
Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack in the Locations Country field...
CVE-2025-53053 affecting package mysql for versions less than 8.0.44-2
CVE-2025-53053 affecting package mysql for versions less than 8.0.44-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-61985 affecting package openssh for versions less than 8.9p1-9
CVE-2025-61985 affecting package openssh for versions less than 8.9p1-9. A patched version of the package is available...
CVE-2025-53045 affecting package mysql for versions less than 8.0.44-2
CVE-2025-53045 affecting package mysql for versions less than 8.0.44-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-8871
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
CVE-2025-46365
Dell CloudLink, versions prior to 8.1.1, contains a Command Injection vulnerability which can be exploited by an authenticated attacker to cause Command Injection on an affected Dell CloudLink...
CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions 8.3.2...
Linux Distros Unpatched Vulnerability : CVE-2025-6712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in...
PHP security vulnerability
PHP is a server-side scripting language. A security vulnerability exists in PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, which stems from functions such as fsockopen failing to validate that the hostname does not contain null characters, which could lead to security...
MongoDB Server security vulnerability
MongoDB Server is a distributed document database system from MongoDB. A resource management error vulnerability exists in MongoDB Server versions prior to 8.0 through 8.0.10 that stems from inefficient memory management for internal operations. An attacker could exploit this vulnerability to cau...