Linux Distros Unpatched Vulnerability : CVE-2026-22702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv...

CVE-2023-25146

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note...

CVE-2001-1517

RunAs runas.exe in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying tha...

CVE-2003-1132

The DNS server for Cisco Content Service Switch CSS 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 NXDOMAIN or "Name Error" instead of response code 0 "No Error", which allows remote attackers to cause a denial of service inaccessible domain by forcing...

CVE-2021-22417

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage...

CVE-2021-22385

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution...

CVE-2022-23136

There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page...

CVE-2022-23142

ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible...

CVE-2019-18781

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...

CVE-2019-18247

An attacker may use a specially crafted message to force Relion 650 series versions 1.3.0.5 and prior or Relion 670 series versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior to reboot, which could cause a denial of service...

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVE-2020-7809

ALSong 3.46 and earlier version contain a Document Object Model DOM based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Albumsab file...

CVE-2023-29186

In SAP NetWeaver BI CONT ADDON - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient administrative privileges then potentially critical OS files ca...

CVE-2017-6742

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...

CVE-2025-13513

CVE-2025-13513 refers to the WordPress plugin Clik stats, where versions up to and including 0.8 are vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter due to insufficient input sanitization and output escaping. The vulnerability can allow unauthenticated attacker...

WordPress Checkbox plugin unauthorized data loss vulnerability

WordPress Checkbox plugin are functional plugins designed to add or enhance checkbox functionality to a website. WordPress Checkbox plugin suffers from an unauthorized data loss vulnerability that stems from a lack of permission checking, which can be exploited by an attacker to cause unauthorize...

Adobe Illustrator on iPad Heap Buffer Overflow Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

WordPress plugin Depicter 跨站请求伪造漏洞

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...

Microsoft Storport.sys Driver 安全漏洞

Microsoft Storport.sys Driver is a storage port driver component of the Windows operating system kernel from Microsoft Corporation USA. A security vulnerability exists in Microsoft Storport.sys Driver, which originates from a vulnerability that can be exploited by an attacker to elevate privilege...