go-billy 路径遍历漏洞

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues in multiple components. Insufficient path cleaning and boundary enforcement may lead ...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the Webhook add-on not utilizing existing server-side request forgeing protection...

CVE-2026-39572

CVE-2026-39572 affects the WordPress plugin Bus Ticket Booking with Seat Reservation (versions

EUVD-2025-208675

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

CVE-2026-32453

Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through 5.15.0...

CVE-2026-25076

Technical details about CVE-2026-25076 are not publicly provided in the supplied documents; monitor for updates.

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

QNAP Systems File Station 5 缓冲区错误漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5068 had a buffer error vulnerability. This vulnerability stemmed from out-of-bounds read attacks, which could lead to the...

CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

PT-2025-50874

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

WordPress plugin Email Subscribers & Newsletters 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2025-44471

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.3 Description Nagios XI versions prior to 5.7.3 have a privilege escalation issue in the getprofile.sh helper script. The script handles profile retrieval and initialization with insecure file and command...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.8.7 that stems from improperly set...

EUVD-2024-55024

Malicious code in bioql PyPI...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

Linux Distros Unpatched Vulnerability : CVE-2019-2522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and...

Weblate 安全漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...

lockfile linting 安全漏洞

lockfile linting is a tool by Liran Tal Personal Developer. A security vulnerability exists in lockfile linting versions prior to 5.9.2, which stems from package URL validation being out of order, and could lead to the installation of unintended npm packages...

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...