25 matches found

Debian CVE
added 2026/04/24 4:51 p.m. | 3 views

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

CVSS 6.6 | AI score 5.4 | EPSS 0.00501
Exploits: 0

Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6790

Name of the Vulnerable Software and Affected Versions: calibre versions prior to 9.2.0
Description: calibre is an e-book manager. A Server-Side Template Injection (SSTI) vulnerability exists in calibre’s Templite templating engine. This allows for arbitrary code execution when a user converts an eboo...

CVSS 9.3 | AI score 6.3 | EPSS 0.0052
Exploits: 7 | References: 26

CVE
added 2026/02/03 5:19 a.m. | 12 views

CVE-2025-9711

CVE-2025-9711 is a local privilege escalation flaw in Brocade Fabric OS prior to 9.2.1c3, enabling a local authenticated user to elevate privileges to root via the export option of the seccertmgmt and seccryptocfg commands. Connected sources confirm affected software versions and the root-cause i...

CVSS 8.5 | AI score 5.3 | EPSS 0.00126
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/03 5:5 a.m. | 22 views

CVE-2025-58380 Directory traversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6 | EPSS 0.00179
Exploits: 0 | References: 1

CVE
added 2026/02/03 5:5 a.m. | 10 views

CVE-2025-58380

Brocade Fabric OS prior to 9.2.1 is affected by CVE-2025-58380, a local directory traversal issue exploitable by an authenticated admin using the shell grep command to modify PATH, enabling traversal to higher directories. Multiple connected sources (Red Hat, NVD, Broadcom advisories) corroborate...

CVSS 4.6 | AI score 7.8 | EPSS 0.00179
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/02/03 2:16 a.m. | 2 views

CVE-2025-58379

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...

CVSS 6 | EPSS 0.00142
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/03 1:55 a.m. | 2 views

CVE-2025-58379 Password Exposure in Brocade Fabric OS

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...

CVSS 6 | AI score 5.4 | EPSS 0.00142
Exploits: 0 | References: 1

CVE
added 2026/02/03 1:55 a.m. | 14 views

CVE-2025-58379

CVE-2025-58379 affects Brocade Fabric OS prior to 9.2.1, enabling a local authenticated attacker to reveal command-line passwords by exploiting commands that may expose higher-privilege sensitive information to a lower-privileged user. Connected sources confirm the vulnerable software as Brocade ...

CVSS 6 | AI score 5.4 | EPSS 0.00142
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/25 12:0 a.m. | 1 view

ONLYOFFICE Docs Cross-Site Scripting Vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in versions of ONLYOFFICE Docs prior to 9.2.1, which stems from improper handling of the Font field in the Multi-Level List Settings window, which could lead to a cross-site scripting...

CVSS 6.4 | AI score 6 | EPSS 0.00178
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/13 12:0 a.m. | 4 views

PT-2025-53411

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1
Description: The software contains a flaw that allows for cross-site scripting (XSS). This occurs through manipulation of the Font field within the Multilevel list settings window. The issue is related to t...

CVSS 6.4 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 9

RedhatCVE
added 2025/05/23 5:52 a.m. | 3 views

CVE-2023-22055

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 6.1 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 1

SUSE CVE
added 2025/04/04 3:0 a.m. | 2 views

SUSE CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafe...

CVSS 9.9 | AI score 9.4 | EPSS 0.3842
Exploits: 7 | References: 4

OSV
added 2024/12/04 7:15 a.m. | 2 views

CVE-2023-52943

Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/04/03 7:15 p.m. | 4 views

CVE-2024-2753

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings scre...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 2

OSV
added 2024/03/28 7:15 p.m. | 2 views

CVE-2024-25946

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2023/11/27 12:0 a.m. | 3 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 9.2 that stems from routines that allow an attacker to upload and execute arbitrary files...

CVSS 9.8 | AI score 7.3 | EPSS 0.15274
Exploits: 1 | References: 1

CNNVD
added 2023/04/28 12:0 a.m. | 1 view

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2. An attacker can exploit this vulnerability to perform cross-site scripti...

CVSS 5.4 | AI score 5.5 | EPSS 0.00544
Exploits: 0 | References: 4

CNNVD
added 2023/04/28 12:0 a.m. | 3 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2. An attacker can exploit this vulnerability to perform cross-site scripti...

CVSS 6.1 | AI score 6 | EPSS 0.00642
Exploits: 0 | References: 4

CNNVD
added 2023/04/28 12:0 a.m. | 2 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2. An attacker can exploit this vulnerability to perform cross-site scripti...

CVSS 5.5 | AI score 5.5 | EPSS 0.00584
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:2 a.m. | 3 views

SUSE CVE-2009-2992

An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors...

CVSS 4.3 | AI score 6.8 | EPSS 0.04862
Exploits: 0 | References: 4