25 matches found
CVE-2026-1774
CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...
WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ultra Portfolio versions = 6.7...
Oracle Linux 8 : redis:6 (ELSA-2025-19238)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19238 advisory. 6.2.20-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.20-1 - rebase to 6.2.20 for CVE-2025-49844 CVE-2025-46817...
Linux Distros Unpatched Vulnerability : CVE-2017-0467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da...
UBUNTU-CVE-2025-6706
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...
WordPress plugin Formidable Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Pegasystem PEGA Platform License Issue Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management. A security vulnerabilit...
MagnusBilling 操作系统命令注入漏洞
MagnusBilling is a fast, secure, efficient, and highly available VOIP billing from MagnusSolution open source. An operating system command injection vulnerability exists in MagnusSolution MagnusBilling versions 6.x , 7.x that originates from allowing remote attackers to run arbitrary commands via...
SUSE CVE-2016-5405
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords...
CVE-2021-39018
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...
CVE-2021-20551
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...
CVE-2021-20421
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
CVE-2021-43054
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any...
PT-2020-16057 · Primekey · Primekey Ejbca
Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions 6.x through 7.4.0 Description: An issue was discovered where no revocation check is performed on a client certificate when enrolling over the EST protocol. This can affect systems with EST configured, using client...
CVE-2020-5541
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL...
CVE-2020-4281
IBM DOORS Next Generation DNG/RRC 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2020-6264
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure...
Aruba Networks ClearPass Access Control Error Vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass versions 6.8.x prior to 6.8.4 and 6.7.x prior to 6.7.13. An attacker could explo...
JDK: DoS in the java.math component
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...