37 matches found
WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Expatch in WordPress Plugin wpDataTables versions = 7.4...
CVE-2026-7870
CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...
CVE-2026-4222 SSCMS download PathUtils.RemoveParentPath path traversal
A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...
PT-2026-25629
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-62258
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...
CVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access via...
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 CVSS score: 9.3, relates to improper input...
CVE-2025-43816
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions...
CVE-2025-1255
Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9...
CVE-2025-1255
Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-43025
HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older e.g., v7.3.x, v7.2.x, v7.1.x, etc...
CVE-2023-22088
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
CVE-2023-37933
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests...
IBM PowerHA SystemMirror 安全漏洞
IBM PowerHA SystemMirror is a high-availability cluster multiprocessor program from International Business Machines IBM. A security vulnerability exists in IBM PowerHA SystemMirror versions 7.4 and 7.5. An attacker exploiting this vulnerability could obtain cookie values by snooping on traffic...
PT-2024-36606 · Ibm · Ibm Powerha Systemmirror
Name of the Vulnerable Software and Affected Versions: IBM PowerHA SystemMirror for i versions 7.4 through 7.5 Description: The issue is related to improper restrictions when rendering content via iFrames, which could allow an attacker to gain improper access and perform unauthorized actions on t...
IBM i Security Vulnerabilities
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, and 7.5. An attacker exploiting this vulnerability could elevate privileges to gain root access to the host...
IBM i 权限许可和访问控制问题漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A privilege permission and access control issue vulnerability exists in IBM i versions 7.2, 7.3, 7.4, and 7.5, which stems from insufficient privilege management and ca...
PMB SQL Injection Vulnerability
PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB 7.4.7 and prior versions, which originates from a vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary SQL commands via the PmbOpac-LOGIN...