
481 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. | 5 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

CVSS 5.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 1

Snyk
added 2026/04/01 11:28 p.m. | 0 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.3 | AI score 6 | EPSS 0.00022
Exploits: 1 | References: 2

Snyk
added 2026/03/04 9:45 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...

CVSS 9.3 | AI score 7.3 | EPSS 0.00462
Exploits: 1 | References: 2

CNNVD
added 2026/02/05 12:00 a.m. | 2 views

Axigen Mail Server security vulnerability

Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions prior to 10.5.57 and 10.6.26, as well as versions 10.6.x, have security vulnerabilities. These vulnerabilities stem from the WebAdmin interface’s improper handling of the parameter, allowing for cross-site...

CVSS 8.8 | AI score 6 | EPSS 0.00033
Exploits: 1 | References: 2

EUVD
added 2026/02/04 6:14 a.m. | 3 views

EUVD-2026-5397

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege...

CVSS 8.4 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 1

CNNVD
added 2026/01/24 12:00 a.m. | 1 view

XWiki Platform security vulnerabilities

The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions 7.0-milestone-2 to 16.10.11, 17.0.0-rc-1 to 17.4.4, and 17.5.0-rc-1 to 17.7.0 of the XWiki Platform. These vulnerabilities stem from reflective cross-site...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 0 | References: 7

RedhatCVE
added 2025/12/23 6:29 a.m. | 3 views

CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows an attacker to improperly access the HTTP server and execute arbitrary actions...

CVSS 9.5 | AI score 7.3 | EPSS 0.0006
Exploits: 0 | References: 1

CVE
added 2025/12/22 5:18 a.m. | 9 views

CVE-2025-11545

CVE-2025-11545 affects Sharp Display Solutions projectors. NEC/Sharp disclosures and JVN data confirm a vulnerability that exposes sensitive system information to an unauthorized control sphere, enabling an attacker to improperly access the projector’s HTTP server and perform arbitrary actions. T...

CVSS 9.5 | AI score 6.9 | EPSS 0.0006
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/22 5:18 a.m. | 2 views

CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows an attacker to improperly access the HTTP server and execute arbitrary actions...

CVSS 9.5 | AI score 6.9 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/13 6:57 a.m. | 2 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF checks when activating via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary...

CVSS 4.3 | AI score 6.9 | EPSS 0.00019
Exploits: 0 | References: 1

NVD
added 2025/12/11 9:15 a.m. | 2 views

CVE-2025-64701

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary...

CVSS 8.5 | EPSS 0.00014
Exploits: 0 | References: 2

EUVD
added 2025/12/11 8:13 a.m. | 1 view

EUVD-2025-202666

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary...

CVSS 8.5 | AI score 7.9 | EPSS 0.00014
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/11 8:13 a.m. | 1 view

CVE-2025-64701

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary...

CVSS 8.5 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | References: 2

Cvelist
added 2025/12/11 8:13 a.m. | 24 views

CVE-2025-64701

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary...

CVSS 8.5 | EPSS 0.00014
Exploits: 0 | References: 2

NVD
added 2025/12/03 4:15 p.m. | 3 views

CVE-2025-57201

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVSS 8.8 | EPSS 0.00938
Exploits: 2 | References: 3

CNNVD
added 2025/12/02 12:00 a.m. | 1 view

SAMSUNG Account security vulnerability

SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in Samsung Account versions prior to 15.5.01.1, which stems from improper authorization and could allow a local attacker to initiate arbitrary activity with Samsung Account privileges...

CVSS 4 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 2

CNNVD
added 2025/11/26 12:00 a.m. | 1 view

fail2ban security vulnerability

fail2ban is an open source application that bans hosts that cause multiple authentication errors. A security vulnerability exists in fail2ban version v0.11.2 that stems from improper privilege control and could lead to the execution of arbitrary actions...

CVSS 8.8 | AI score 7.2 | EPSS 0.00095
Exploits: 0 | References: 2

ICS
added 2025/11/13 7:00 a.m. | 1 view

Siemens SICAM P850 family and SICAM P855 family

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

AI score 6.1
Exploits: 0 | References: 13

Tenable Nessus
added 2025/11/10 12:00 a.m. | 1 view

Lucee Unset Credentials

Lucee web application server may be configured with no credentials. If an attacker sets up the default accounts, they could gain unauthorized access to the application and perform arbitrary actions on it. No source data...

AI score 7.1
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/31 12:00 a.m. | 1 view

CVE-2025-63562

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...

CVSS 6.3 | AI score 6.6 | EPSS 0.00052
Exploits: 0 | References: 1