18 matches found
CVE-2026-23479
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...
CVE-2026-24505
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.12 and 8.6.25 contain security vulnerabilities. These vulnerabilities stem from the ability to read, modify, and delete...
CVE-2026-1762
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions...
CVE-2026-1762 Enervista UR Setup Directory Traversal Vulnerability
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions...
PT-2026-3684
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Push Notifications component of Oracle PeopleSoft Enterprise PeopleTools. A low-privileged attacker with network access via HTTP can compromise the system. Successfu...
CVE-2025-61750
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...
EUVD-2025-30463
Malicious code in bioql PyPI...
WordPress Soledad Theme <= 8.6.8 is vulnerable to Cross Site Scripting (XSS)
Software Soledad Type Theme Vulnerable versions = 8.6.8 Fixed in 8.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-59589 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 129327b97bb0 Credits João Pedro S Alcântara Kinorth Required privile...
CVE-2025-8105
CVE-2025-8105 relates to the Soledad WordPress theme (versions ≤ 8.6.7). The vulnerability allows unauthenticated attackers to trigger arbitrary shortcode execution via do_shortcode due to insufficient value validation. Multiple sources (Wordfence, NVD, patched advisories) confirm the issue and i...
EasyVirt DC Scope和EasyVirt CO2 Scope SQL注入漏洞
EasyVirt DC Scope and EasyVirt CO2 Scope are both products of EasyVirt France.EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware.EasyVirt CO2 Scope is a real-time monitoring and control solution of CO2 emissions of IT services, virtual machines and servers ...
WordPress plugin Ultimate Membership Pro 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
PT-2024-23272 · Unknown · Infinitum Form Geo Controller
Name of the Vulnerable Software and Affected Versions: INFINITUM FORM Geo Controller versions n/a through 8.6.4 Description: The issue is related to Deserialization of Untrusted Data, which affects the Geo Controller. Recommendations: For versions n/a through 8.6.4, at the moment, there is no...
CVE-2023-21844
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Elastic Search. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
GHSA-6278-2Q4M-CMF3 ZK Framework vulnerable to malicious POST
ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...
CVE-2021-1063
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 pri...
CVE-2020-2931
Vulnerability in the Oracle Knowledge product of Oracle Knowledge component: Web Applications - InfoCenter. Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successfu...
IBM Marketing Platform Cross-Site Scripting Vulnerability
IBM Marketing Platform is a suite of marketing platforms from IBM in the United States. The platform supports marketers in leveraging and analyzing customer interactions on websites, cell phones and social media to deliver targeted marketing campaigns to customers. A cross-site scripting...