23 matches found
CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...
HarfBuzz 安全漏洞
HarfBuzz is HarfBuzz open source a text engine for OpenType fonts. HarfBuzz version before 12.3.0 has a security vulnerability , the vulnerability stems from the SubtableUnicodesCache::create function does not check the hbmalloc return value , which may lead to null pointer dereferencing and...
CVE-2018-4399
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
KEYENCE KV STUDIO 安全漏洞
KEYENCE KV STUDIO is a PLC programming and debugging software from KEYENCE Japan. A security vulnerability exists in KEYENCE KV STUDIO version 12.23 and earlier, which originates from a buffer overflow and could lead to the execution of arbitrary code...
PT-2025-36382
Name of the Vulnerable Software and Affected Versions: versions prior to 12.0 Hotfix 91155 Description: Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory, resulting in a loss of integrity. Recommendations: At the moment, there is no...
CVE-2025-48921 Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079
Cross-Site Request Forgery CSRF vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13...
Kiwi TCMS 安全漏洞
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.0, which stems from the fact that the system is not rate-limited, which makes brute-force attacks on the login...
Kiwi TCMS 安全漏洞
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.0, which stems from the fact that the system is not rate-limited, which makes brute-force attacks on the login...
SugarCRM 输入验证错误漏洞
SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales representatives. A security...
PT-2022-10902 · Philips · Philips Vue Myvue Pacs
Name of the Vulnerable Software and Affected Versions: Philips Vue MyVue PACS versions prior to 12.2.x.x Description: The issue allows authenticated users to perform Path Traversal, accessing files stored outside of the web root through the VideoStream function. Recommendations: For Philips Vue...
WordPress theme Newspaper 跨站脚本漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in versions of WordPress theme Newspaper prior to 12, whi...
WordPress theme Newspaper 跨站脚本漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in versions of WordPress theme Newspaper prior to 12, whi...
PT-2022-10658 · Unknown · Virtua Cobranca
Name of the Vulnerable Software and Affected Versions: Virtua Cobranca versions prior to 12R Description: The issue allows SQL Injection on the login page. Recommendations: For versions prior to 12R, update to version 12R or later to resolve the issue...
Google Android 资源管理错误漏洞
Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in the Framework in Google Android versions prior to 12L. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or vendor...
PT-2022-15613 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.3 Description: A logic issue was addressed with improved validation. A malicious application may be able to gain root privileges. Recommendations: For versions prior to 12.3, update to macOS Monterey 12.3 to resolve...
Google Android 数据伪造问题漏洞
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android versions prior to 12. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use this vulnerability to...
PT-2021-14891 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.2 Description: A vulnerability was discovered in GitLab that made it susceptible to a Server-Side Request Forgery SSRF attack. The attack was possible through the Outbound Requests feature. Recommendations: For...
CVE-2020-0541
Out-of-bounds write in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access...
Intel Active Management Technology Elevation of Privilege Vulnerability (CNVD-2019-42601)
Intel Active Management Technology AMT is a set of hardware-based computer remote active management technology software from Intel Intel. A security vulnerability exists in the subsystem in Intel AMT versions prior to 12.0.45 that stems from inadequate input validation. An attacker could exploit...
CVE-2018-4383
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...