16 matches found
CVE-2026-11561 SSTI in Soagen Informatics' Apinizer
Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...
CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
runZero Platform 安全漏洞
runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow the MCP proxy to...
Oracle Linux 8 : mysql:8.4 (ELSA-2026-6391)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6391 advisory. mecab mecab-ipadic mysql 8.4.8-1 - Rebase to 8.4.8 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2026-3608
CVE-2026-3608 affects Kea daemons (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6). A maliciously crafted message over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow. Affected versions: 2.6.0–2.6.4 and 3.0.0–3.0.2. Exploitation details a...
WordPress plugin CF7 Submissions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2022-50267
In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...
CVE-2025-22026
In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...
DEBIAN-CVE-2023-31485
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...
PT-2023-23360 · Gitlab +1 · Gitlab::Api::V4 +1
Name of the Vulnerable Software and Affected Versions: GitLab::API::v4 versions 0.26 and earlier Description: The issue allows for machine-in-the-middle attacks due to the lack of TLS certificate verification when connecting to a GitLab server. Recommendations: For GitLab::API::v4 versions 0.26 a...
SUSE CVE-2018-8976
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service image.cpp Exiv2::Internal::stringFormat out-of-bounds read via a crafted file...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-35584
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: ndbcluster/plugin DDL. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster...
Exiv2 'readHeader' Function Denial of Service Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A security vulnerability exists in the 'readHeader' functi...