Roadiz Document base system 数据伪造问题漏洞

The Roadiz Document Base System is an open-source HTML template rendering system based on documents developed by Roadiz. Versions prior to 2.3.43, 2.5.45, 2.6.31, and 2.7.18 of the Roadiz Document Base System had data manipulation vulnerabilities. These vulnerabilities stemmed from the use of OID...

PT-2026-39274

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...

PT-2026-28357

Name of the Vulnerable Software and Affected Versions CPCI85 Central Processing/Communication versions prior to V26.10 SICORE Base system versions prior to V26.10.0 Description An out-of-bounds write issue exists when parsing specially crafted XML inputs. This could allow an unauthenticated...

DEBIAN-CVE-2022-50625

In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter "B Generic UART" in "ARM Server Base System Architecture" 1 documentation describes a generic UART interface. Such generic UART does not support DMA. In current...

EUVD-2010-0716

Malware in sbrugna...

EUVD-2005-3845

Malware in sbrugna...

EUVD-2024-29365

Malicious code in bioql PyPI...

EUVD-2024-38121

Malicious code in bioql PyPI...

CVE-2024-37998

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V5.40, SICORE Base system All versions V1.4.0. The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto logi...

CVE-2024-31485

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V5.30, SICORE Base system All versions V1.3.0. The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated...

CVE-2024-56137 MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...

kernel: serial: amba-pl011: avoid SBSA UART accessing DMACR register

A flaw was found in the Linux kernel’s AMBA-PL011 serial driver used on ARM Server Base System Architecture platforms. The existing stoprx operation shared between generic SBSA UARTs and AMBA-PL011 UARTs invoked pl011dmarxstop, which attempts to access the DMA Control Register DMACR. SBSA generic...

PT-2024-5125 · Sicam Egs +1 · Sicam Egs +4

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 SICAM CP-8031, CP-8050, SICAM EGS affected versions not specified Description: The issue is related to the lack of necessary...

RHEL 6 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...

KYKMS 安全漏洞

KYKMS is a knowledge base management system. KYKMS suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious data is viewed...

PT-2024-3749 · Unknown · Cpci85 Central Processing/Communication +1

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.30 SICORE Base system versions prior to V1.3.0 Description: A command injection vulnerability exists due to missing server-side input sanitation in the web interface of affected...

Cloud Base Multiple School Generate And Management System 4.6.0 SQL Injection

==================================================================================================================================== | Title : Cloud Base Multiple school Generate & Management System v4.6.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pr...

SUSE CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

SUSE: Security Advisory (SUSE-SU-2022:2328-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PEAR core file overwrite vulnerability

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...