54 matches found

CNNVD
added 2026/03/27 12:0 a.m. · 5 views

OpenText Identity Manager Security Vulnerability

OpenText Identity Manager is an identity governance platform provided by OpenText Corporation in Canada, which offers capabilities for managing the identity lifecycle and access control. Version 25.2 of OpenText Identity Manager contains a security vulnerability. This vulnerability stems from...

CVSS 8.4 · AI score 5.8 · EPSS 0.00274
Exploits 0 · References 2

NVD
added 2026/03/12 7:16 p.m. · 0 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

CVSS 6.5 · EPSS 0.00061
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25221

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.3 · EPSS 0.00081
Exploits 0 · References 12

Positive Technologies
added 2025/10/03 12:0 a.m. · 2 views

PT-2025-40545

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.1 Description A flaw exists in Qsync Central where unrestricted resource allocation can occur. A remote attacker who obtains a user account may be able to prevent other systems, applications, or processes...

CVSS 7.1 · AI score 6.5 · EPSS 0.00156
Exploits 0 · References 4

Vulnrichment
added 2025/09/22 11:1 p.m. · 1 views

CVE-2025-43814

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote...

CVSS 6.9 · AI score 6.5 · EPSS 0.00065
Exploits 0 · References 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-57004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-Site Scripting XSS vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading t...

CVSS 6.1 · AI score 5.8 · EPSS 0.04204
Exploits 1 · References 3

OSV
added 2025/08/29 5:15 p.m. · 0 views

CVE-2025-29879

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2025/08/19 9:30 p.m. · 3 views

GHSA-G4VP-4GQR-7V8C Liferay Portal Enumeration Discrepancy in Calendars

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by...

CVSS 5.3 · AI score 6.9 · EPSS 0.00081
Exploits 0 · References 13

NVD
added 2025/08/19 8:15 p.m. · 4 views

CVE-2025-43743

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by...

CVSS 5.3 · EPSS 0.00081
Exploits 0 · References 1

CVE
added 2025/08/19 7:13 p.m. · 22 views

CVE-2025-43743

CVE-2025-43743 affects Liferay Portal 7.4.x and various DXP/GA releases (up to 92/2025.Q1.5 and 7.4 GA update 92). The root cause is information exposure via the calendar feature, allowing any authenticated remote user to enumerate other users’ names by crafting requests, enabling potential phi...

CVSS 5.3 · AI score 7 · EPSS 0.00081
Exploits 0 · References 1 · Affected Software 2

RedhatCVE
added 2025/05/22 10:36 p.m. · 5 views

CVE-2022-44715

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload...

CVSS 8.8 · AI score 6.9 · EPSS 0.00675
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:33 a.m. · 4 views

CVE-2018-21033

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets CSS token sequence. Hitachi Command Suite includes...

CVSS 6.5 · AI score 7 · EPSS 0.00112
Exploits 0 · References 1

CNNVD
added 2024/04/19 12:0 a.m. · 2 views

Ivanti Avalanche Security Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a competitive conditio...

CVSS 8.8 · AI score 7.5 · EPSS 0.01922
Exploits 0 · References 2

OSV
added 2024/03/28 7:16 a.m. · 1 views

CVE-2024-29239

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1

OSV
added 2024/03/28 7:16 a.m. · 1 views

CVE-2024-29237

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...

CVSS 5.4 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 1

Positive Technologies
added 2024/01/24 12:0 a.m. · 1 views

PT-2024-15867 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.4-25556-8 Synology DiskStation Manager DSM versions prior to 7.0.1-42218-7 Synology DiskStation Manager DSM versions prior to 7.1.1-42962-7 Synology DiskStation Manager DSM versions prior...

CVSS 5.4 · AI score 6.4 · EPSS 0.00178
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 5:56 a.m. · 1 views

SUSE CVE-2010-3680

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service mysqld daemon crash by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure...

CVSS 4 · AI score 6.2 · EPSS 0.09272
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:32 a.m. · 2 views

SUSE CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer...

CVSS 3.5 · AI score 5.9 · EPSS 0.0038
Exploits 0 · References 4

OSV
added 2023/01/27 2:15 p.m. · 0 views

CVE-2022-44715

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2022/08/03 12:0 a.m. · 2 views

PT-2022-18522 · Synology · Synology Calendar

Name of the Vulnerable Software and Affected Versions: Synology Calendar versions prior to 2.3.4-0631 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote...

CVSS 5 · AI score 6.9 · EPSS 0.00128
Exploits 0 · References 5