CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX Host contains an operating system command injection vulnerability. This...

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from vulnerabilities in the web-based management...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

Cisco Slido 安全漏洞

Cisco Slido is an interactive Q&A and voting platform provided by the American company Cisco. There is a security vulnerability in Cisco Slido, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access other users’ social media dat...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7491

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data...

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

CVE-2026-5967 TeamT5｜ThreatSonar Anti-Ransomware - Privilege Escalation

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges...

TeamT5 ThreatSonar Anti-Ransomware 安全漏洞

TeamT5 ThreatSonar Anti-Ransomware is an active and intelligent endpoint detection and response solution provided by TeamT5. TeamT5 ThreatSonar Anti-Ransomware has a security vulnerability, which stems from an OS command injection issue. This vulnerability could allow authenticated remote attacke...

Cisco Unity Connection 安全漏洞

Cisco Unity Connection is a voice messaging platform developed by Cisco, a company based in the United States. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection, which stems from improper user inpu...

CVE-2026-4639

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

Ruckus Wireless多款产品 安全漏洞

Ruckus Wireless SmartZone is a high-performance WLAN controller from Ruckus Technologies. Several products of Ruckus Wireless have security vulnerabilities. These vulnerabilities stem from arbitrary file reading vulnerabilities in the command-line interface, which could allow authenticated remote...

Cisco IOS和Cisco IOS XE Software 安全漏洞

Cisco IOS and Cisco IOS XE Software are products of the American company Cisco. Cisco IOS is an operating system developed for its network devices. Cisco IOS XE Software is a network operating system. There are security vulnerabilities in Cisco IOS and Cisco IOS XE Software Release 3E. These...

CVE-2026-30587

CVE-2026-30587 affects Seafile Server and its Seadoc editor, with multiple stored XSS vulnerabilities exploited via WebSocket messages that update document structure. Affected versions include 13.0.15, 13.0.16-pro, and 12.0.14 and prior; fixes are in 13.0.17, 13.0.17-pro, and 12.0.20-pro. The iss...

EUVD-2026-14740

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...