37 matches found
QNAP Systems QTS and QNAP Systems QuTS hero OS Command Injection Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
Anchore Enterprise SQL Injection Vulnerability
Anchore Enterprise is a container image security analysis and compliance management platform developed by Anchore Company in the United States. Versions of Anchore Enterprise prior to 5.25.1 contained a SQL injection vulnerability. This vulnerability stemmed from the GraphQL Reports API’s SQL...
CVE-2016-15050 Nagios XI < 5.2.4 SQL Injection in Notification Search
Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries...
CVE-2025-4993
Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.4a...
Linux Distros Unpatched Vulnerability : CVE-2018-3298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easi...
Drupal Enterprise MFA - TFA for Drupal Security Vulnerability
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...
WordPress Gianism plugin < 5.2.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez in WordPress Plugin Gianism versions 5.2.1...
Opswat Metadefender Core Security Vulnerability
OPSWAT MetaDefender Core (OPSWAT MDCore) is multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in Opswat Metadefender Core versions...
PT-2024-12055 · Opswat · Opswat Metadefender Core
Name of the Vulnerable Software and Affected Versions: Opswat Metadefender Core versions prior to 5.2.1 Description: The issue concerns a failure to properly defend against potential HTML injection and XSS attacks. Recommendations: For versions prior to 5.2.1, update to version 5.2.1 or later to...
Acronis Cyber Infrastructure Security Vulnerability
Acronis Cyber Infrastructure is a simple, efficient and secure solution for edge workloads from Acronis Switzerland. A security vulnerability exists in versions prior to Acronis Cyber Infrastructure 5.2.0-135, which stems from the disclosure of sensitive information due to a CORS misconfiguration...
SUSE CVE-2018-2842
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...
SUSE CVE-2019-2525
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
SUSE CVE-2020-10720
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system...
SUSE CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting i...
CVE-2022-4050
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
PT-2022-12464 · Luxsoft · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxSoft LuxCal Web Calendar versions prior to 5.2.0 Description: An unauthenticated attacker can manipulate a POST request, allowing the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...
CVE-2022-27662
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
DEBIAN-CVE-2009-0948
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-48224)
Mattermost Server is an open source messaging platform from Mattermost, a company in the United States. A security vulnerability exists in Mattermost Server. The vulnerability can be exploited to bypass domain-based registration policies with the help of multiple email addresses. The following product...