15 matches found

Cvelist
added 2026/02/27 8:12 p.m. · 20 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

0.00019 EPSS
Exploits 0 · References 4
CNNVD
added 2026/02/06 12:0 a.m. · 3 views

Edimax BR-6288ACL Code Injection Vulnerability

The Edimax BR-6288ACL is a wireless router produced by Edimax Corporation. Versions of Edimax BR-6288ACL prior to 1.12 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of a parameter named manualssid in the file wizWISP24gmanual.asp, which could lead to...

4.8 CVSS · 5.7 AI score · 0.00051 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/12/25 8:18 p.m. · 2 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5 CVSS · 7.5 AI score · 0.00037 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/12/25 8:18 p.m. · 6 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

9.1 CVSS · 7.3 AI score · 0.00662 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/12/24 7:43 p.m. · 2 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

9.1 CVSS · 7.3 AI score · 0.00662 EPSS
Exploits 1 · References 1
CVE
added 2025/12/24 7:40 p.m. · 8 views

CVE-2025-68915

Riello UPS NetMan 208 Application prior to 1.12 is affected by a cross-site scripting (XSS) vulnerability in the CGI script cgi-bin/loginbanner_w.cgi, exploitable via a crafted banner. The issue arises from the loginbanner_w.cgi component and can lead to script execution within the context of the...

5.5 CVSS · 5.7 AI score · 0.0003 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2025/12/24 12:0 a.m. · 1 views

Riello UPS NetMan 208 Security Vulnerability

Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A security vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of directory traversal in cgi-bin/certsupload.cgi, which could lead to file uploads and code execution...

9.1 CVSS · 7.2 AI score · 0.00662 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/12/24 12:0 a.m. · 2 views

PT-2025-53347

Name of the Vulnerable Software and Affected Versions: Riello UPS NetMan 208 Application versions prior to 1.12 Description: The software contains a directory traversal flaw in the cgi-bin/certsupload.cgi component. This allows for file upload outside the intended path, potentially leading to code...

9.1 CVSS · 7.4 AI score · 0.00662 EPSS
Exploits 1 · References 11
CNNVD
added 2025/12/24 12:0 a.m. · 1 views

Riello UPS NetMan 208 Cross-Site Scripting Vulnerability

Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A cross-site scripting vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of cross-site scripting in cgi-bin/loginbanner_w.cgi, which could lead to the execution of malicious...

5.5 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/12/24 12:0 a.m. · 2 views

PT-2025-53346

Name of the Vulnerable Software and Affected Versions: Riello UPS NetMan 208 Application versions prior to 1.12 Description: The Riello UPS NetMan 208 Application, before version 1.12, contains a cross-site scripting (XSS) issue in the cgi-bin/loginbanner_w.cgi component. This allows for the injectio...

5.5 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits 1 · References 9
CNNVD
added 2025/01/03 12:0 a.m. · 0 views

Karmada Path Traversal Vulnerability

Karmada is a Kubernetes management system open-sourced by Karmada. A path traversal vulnerability exists in versions of Karmada prior to 1.12.0, which stems from allowing users to run cloud-native applications across multiple Kubernetes clusters and clouds...

5.3 CVSS · 6.4 AI score · 0.00299 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/06/27 12:0 a.m. · 3 views

PT-2024-37585 · Canonical +1 · Ubuntu Advantage Desktop Daemon +2

Name of the Vulnerable Software and Affected Versions: Ubuntu Advantage Desktop Daemon versions prior to 1.12 Description: The Ubuntu Advantage Desktop Daemon leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. Recommendations: For versions prior to 1.12,...

5.9 CVSS · 7.2 AI score · 0.00022 EPSS
Exploits 0 · References 13
CNNVD
added 2024/06/27 12:0 a.m. · 3 views

Canonical Ubuntu Advantage Desktop Daemon Security Vulnerability

Canonical Ubuntu Advantage Desktop Daemon is a daemon from Canonical UK that allows desktop applications to interact with Ubuntu Advantage. A security vulnerability exists in Canonical Ubuntu Advantage Desktop Daemon versions prior to 1.12, which originated from passing the Pro token as a paramet...

5.9 CVSS · 6.7 AI score · 0.00022 EPSS
Exploits 0 · References 5
CNNVD
added 2022/12/27 12:0 a.m. · 0 views

OpenMRS Cross-Site Scripting Vulnerability

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. A cross-site scripting vulnerability exists in versions prior to OpenMRS Appointment Scheduling Module 1.12.x. The vulnerability can be exploited to perform cross-site scripting attacks. An attacke...

5.4 CVSS · 5 AI score · 0.00285 EPSS
Exploits 0 · References 6
OSV
added 2021/11/29 9:15 a.m. · 1 views

CVE-2021-24842

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to (1) list private post titles of other users and (2) change the posted date of other users' posts...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2