23 matches found
CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...
WordPress Simple Link Directory plugin <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Simple Link Directory versions = 8.9.2...
Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via...
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to...
CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...
Linux Distros Unpatched Vulnerability : CVE-2025-30687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and...
dotnet: .NET Remote Code Vulnerability
A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files...
CVE-2021-39869
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project...
Laravel 安全漏洞
Laravel is a web application framework from the Laravel community. A security vulnerability exists in Laravel versions 8.x through 9.x through versions prior to 9.32.0, which stems from the authentication method being found vulnerable to attack...
UBUNTU-CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
PT-2021-22716 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.9 and later Description: The issue concerns project exports in GitLab CE/EE, where trigger tokens configured on a project may be exposed. This affects all versions since 8.9. Recommendations: For GitLab CE/EE versions...
Opencast Access Control Error Vulnerability
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions 8.9 and prior to 7.9 that stems from Opencast disabling HTTPS hostname validation, which is used by i...
Google Android System Elevation of Privilege Vulnerability (CNVD-2019-03705)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which System is a component. An elevation of privilege vulnerability exists in System in Android versions 8.0, 8.1, and 9.0. An attacker can exploit this vulnerability to eleva...
CVE-2015-4987
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896...
PT-2017-14275 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Node.js versions 8.X through 9.X Description: The issue arises when the encoding for the fill value does not match the encoding specified, causing buffers to not be initialized correctly. For example, 'Buffer.alloc0x100, "This is not correctl...
CVE-2017-1000027
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access...
IBM Tealeaf Customer Experience Information Disclosure Vulnerability (CNVD-2016-11558)
IBM Tealeaf Customer Experience is a SaaS Software-as-a-Service based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...
Unspecified Vulnerability in IBM Tealeaf Customer Experience Replay Serve
IBM Tealeaf Customer Experience is a SaaS Software-as-a-Service based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...