420 matches found
CVE-2025-70821
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...
Studio Fabryka DobryCMS 代码问题漏洞
Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 5.0 had code vulnerabilities. These vulnerabilities stemmed from defects in the file upload functionality, which could lead to remote code execution...
CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...
CVE-2026-23858
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection...
CVE-2026-22765
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-22765
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...
bn.js 安全漏洞
bn.js is a large number processing library developed by Fedor Indutny. Versions of bn.js prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from calling maskn0 on any BN instance, which could corrupt internal state. This allowed methods like toString and divmod to...
QNAP Systems File Station 5 缓冲区错误漏洞
QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5068 had a buffer error vulnerability. This vulnerability stemmed from out-of-bounds read attacks, which could lead to the...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25616
Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...
CVE-2026-24872 Pointer arithmetic error in SkyFire_548
improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...
CVE-2026-24381
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2025-67952
CVE-2025-67952 is a reflected XSS in the WordPress ThemeGoods Grand Tour theme prior to version 5.6.2. The initial record confirms the vulnerability and affected version, with remediation via upgrading to 5.6.2 or later (patched). The connected sources also catalog the same CVE across multiple fe...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004297 advisory. In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004133)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004133 advisory. getgatepage in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003811)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003811 advisory. A memory leak in the mlx5fpgaconncreatecq function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001410)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001410 advisory. A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003855)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003855 advisory. There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveausgdma.c in nouveausgdmacreatettm in Nouveau DRM subsystem. The...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003590 advisory. An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read. Tenable...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001571 advisory. In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-len value...