1288 matches found
webERP 安全漏洞
webERP is an open-source ERP system developed by Tim Schofield. It supports inventory management, permission role management, order management, and financial management. Version 4.15.1 of webERP contains a security vulnerability caused by an unverified file access flaw. Attackers can directly...
CVE-2026-23592
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23592 Insecure File Handling allows Remote Code Execution in Backup Functionality
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23592 Insecure File Handling allows Remote Code Execution in Backup Functionality
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
phpMyFAQ security vulnerabilities
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization logic flaws, which may allow non-administrative users to trigger configuration backups and...
Improper Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Authorization via the backup endpoint in the setup API. An attacker can access sensitive configuration backups by sending authenticated request...
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenan...
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted
Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...
EUVD-2025-206300
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198
Pterodactyl panel suffers a race condition in resource locking: before v1.12.0, concurrent requests can bypass per-server resource validation and concurrently create more databases, allocations, or backups than configured, denying resources to other users and potentially exhausting node quotas. T...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
PT-2026-3485
Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.12.0 Description Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious us...
Exploit for CVE-2025-8489
100-days-challenge-day-21--WP scan WP Scan helped identify co...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000736)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000736 advisory. fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount o...
CVE-2020-24366
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups...
CVE-2024-39118
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...