20 matches found
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-21660
Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...
SUSE CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
Microsoft .NET 安全漏洞
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There are security vulnerabilities in Microsoft .NET. Attackers can exploit the...
CVE-2026-21942
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
EUVD-2026-3567
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
CVE-2026-21942
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
CVE-2023-49101
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...
CVE-2023-22003
Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
SUSE CVE-2017-3630
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
PT-2022-13118 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.0 through 14.5.4 GitLab versions 10.1 through 14.6.4 GitLab versions 10.2 through 14.7.1 Description: An issue in GitLab allows private project paths to be disclosed to unauthorized users via system notes when an Issue is...
AZL-8453 CVE-2021-46658 affecting package mariadb for versions less than 10.6.7-1
savewindowfunctionvalues in MariaDB before 10.6.3 allows an application crash because of incorrect handling of withwindowfunc=true for a subquery...
PT-2021-16825 · Unknown · Avideo/Youphptube
Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows an administrator-privileged user to write files on the filesystem using flag and code variables in the file save.php. This is due to insecure file write. Recommendations:...
Apple macOS 授权问题漏洞
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. An authorization issue vulnerability exists in Apple macOS, which can be exploited by a local attacker to bypass the "Logon to Windows" protection screen and gain unauthorized access to the system. The...
CVE-2020-5984
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x prior to 8.5, version 10.x prio...
CVE-2020-2851
Vulnerability in the Oracle Solaris product of Oracle Systems component: Common Desktop Environment. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...
CVE-2020-2771
Vulnerability in the Oracle Solaris product of Oracle Systems component: Whodo. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
CVE-2018-3052
Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS...