51 matches found
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...
CVE-2026-8434
Concrete CMS 9.x prior to 9.5.0 is vulnerable to CSRF at the concrete/controllers/backend/file rescanMultiple() endpoint. Root cause: CSRF in the rescanMultiple() handler, reported with CVSS v4.0 vector AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N and a base score of 2.3 (LOW). Impact i...
Dell PowerScale OneFS 安全漏洞
Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Versions of Dell PowerScale OneFS prior to 9.12.0.0 contained security vulnerabilities, which were caused by imprope...
GHSA-78CG-FC6C-W44W Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability
Sny registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object. This issue affects Apache OpenMeetings: from...
Drupal Anti-Spam by CleanTalk 安全漏洞
Drupal Anti-Spam by CleanTalk is a security module for content management systems provided by the Drupal company, which offers automatic spam detection and filtering capabilities. Versions of Drupal Anti-Spam by CleanTalk prior to version 9.7.0 contained a security vulnerability caused by imprope...
CVE-2026-21426
CVE-2026-21426 affects Dell PowerScale OneFS prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. The vulnerability is described as an execution with unnecessary privileges, allowing a high-privileged local attacker to cause denial of service, privilege escalation, and information disclosure...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...
PT-2026-6790
Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.2.0 Description calibre is an e-book manager. A Server-Side Template Injection SSTI vulnerability exists in calibre’s Templite templating engine. This allows for arbitrary code execution when a user converts an eboo...
CVE-2025-61103 affecting package frr for versions less than 9.1.1-5
CVE-2025-61103 affecting package frr for versions less than 9.1.1-5. A patched version of the package is available...
CVE-2025-64192
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...
Linux Distros Unpatched Vulnerability : CVE-2023-23610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having...
Dell PowerScale OneFS Encryption Issue Vulnerability
Dell PowerScale OneFS is an enterprise-class distributed file storage system from Dell. A security vulnerability exists in Dell PowerScale OneFS versions prior to 9.11.0.0 that stems from the use of an insecure encryption algorithm. An attacker could exploit the vulnerability to cause information...
CVE-2023-22055
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
PT-2024-39232 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz and Survey Master QSM WordPress plugin versions prior to 9.1.3 Description: The issue is related to the Quiz and Survey Master QSM WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow...
Rubrik 安全漏洞
Rubrik is a suite of cloud data management platforms from Rubrik, Inc. in the United States. The platform is capable of providing data backup, data protection, data analysis, data compliance, and data recovery. A security vulnerability exists in Rubrik versions prior to 9.1.2-p1, 9.0.3-p6, and...
CVE-2024-25946
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity...
Hitachi Energy Asset Suite 安全漏洞
Hitachi Energy Asset Suite is a powerful suite from Hitachi, Japan. standardizes and streamlines enterprise asset management workflows to maximize employee productivity and improve asset performance. A security vulnerability exists in Hitachi Energy Asset Suite versions prior to 9.6.3.13 and prio...
CVE-2024-1247
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
PT-2024-19230 · WordPress · Wp Spell Check
Name of the Vulnerable Software and Affected Versions: WP Spell Check versions prior to 9.18 Description: A Cross-Site Request Forgery CSRF issue has been identified. This allows an attacker to perform unintended actions on a user's behalf. Recommendations: For versions prior to 9.18, update to...
AZL-32011 CVE-2023-48237 affecting package vim for versions less than 9.0.2112-1
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This...