
33 matches found

OSV
added 2026/02/19 10:16 a.m. · 0 views

CVE-2026-22266

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 1
Vulnrichment
added 2026/02/19 9:16 a.m. · 3 views

CVE-2026-22267

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...

8.1 CVSS · 5.5 AI score · 0.00022 EPSS
Exploits 0 · References 1
NVD
added 2026/02/19 9:16 a.m. · 2 views

CVE-2026-22269

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

4.7 CVSS · 0.00049 EPSS
Exploits 0 · References 1
CNNVD
added 2026/02/17 12:00 a.m. · 3 views

Dell Avamar path traversal vulnerability

Dell Avamar is a purpose-built backup application developed by the American company Dell. It provides a convenient, packaged, affordable, deduplication-based backup solution. Dell Avamar versions prior to 19.12 contain a path traversal vulnerability. This vulnerability...

4.7 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/01/24 3:17 p.m. · 3 views

CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

6.5 CVSS · 5.5 AI score · 0.00019 EPSS
Exploits 0 · References 1
CNNVD
added 2026/01/23 12:00 a.m. · 1 views

Dell Data Protection Advisor security vulnerabilities

Dell Data Protection Advisor is a reporting and analysis platform provided by the American company Dell. Versions of Dell Data Protection Advisor prior to 19.12 contained security vulnerabilities, which were caused by improper handling of special elements within the server template engine. These...

6.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/09 11:21 a.m. · 2 views

CVE-2021-22161

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix...

6.5 CVSS · 6.6 AI score · 0.00243 EPSS
Exploits 0 · References 1
CVE
added 2025/12/11 11:26 a.m. · 15 views

CVE-2025-64988

CVE-2025-64988 describes a command-injection in TeamViewer DEX (formerly 1E DEX) prior to V19.2, within the 1E-Nomad-GetCmContentLocations instruction. The root cause is improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands, enab...

7.2 CVSS · 7.6 AI score · 0.00231 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/10/10 12:00 a.m. · 2 views

happy-dom code injection vulnerability

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...

7.2 CVSS · 7.8 AI score · 0.00581 EPSS
Exploits 0 · References 2
Cvelist
added 2025/09/25 3:22 p.m. · 3 views

CVE-2025-43943

Dell Cloud Disaster Recovery, versions prior to 19.20, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with...

6.7 CVSS · 0.00016 EPSS
Exploits 0 · References 1
OSV
added 2024/08/07 11:15 a.m. · 0 views

CVE-2024-7267

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6...

6.5 CVSS · 5.8 AI score · 0.00272 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/06/27 12:00 a.m. · 2 views

PT-2024-24212 · Unknown · Designa Abacus

Name of the Vulnerable Software and Affected Versions: DESIGNA ABACUS versions prior to v.19
Description: The issue allows an attacker to bypass the payment process via a crafted QR code.
Recommendations: For versions prior to v.19, update to a version that includes a fix for this issue to preven...

6.3 CVSS · 7.4 AI score · 0.00035 EPSS
Exploits 0 · References 3
OSV
added 2024/06/21 2:15 p.m. · 0 views

CVE-2024-6240

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacke...

10 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2023/07/11 12:00 a.m. · 2 views

Avast AntiVirus security vulnerability

Avast Antivirus is a suite of antivirus software from the Czech company Avast. A security vulnerability exists in versions prior to Avast AntiVirus v.19.7 that stems from the presence of a buffer overflow vulnerability that allows a local attacker to cause a denial of service via a crafted reques...

5.5 CVSS · 6.1 AI score · 0.0004 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/03/02 12:00 a.m. · 3 views

PT-2023-12559 · Bordam Information Technologies · Bordam Information Technologies Library Automation System

Name of the Vulnerable Software and Affected Versions: Bordam Information Technologies Library Automation System versions prior to 19.2
Description: The issue is related to improper handling of parameters, allowing data collection as provided by users.
Recommendations: For versions prior to 19.2,...

6.5 CVSS · 6.4 AI score · 0.00272 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:01 a.m. · 1 views

SUSE CVE-2020-8295

A wrong check in Nextcloud Server 19 and prior allowed an attacker to perform a denial of service attack when resetting the password for a user...

7.5 CVSS · 7.4 AI score · 0.00508 EPSS
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 3:46 a.m. · 3 views

SUSE CVE-2021-21442

In the project create screen it's possible to inject malicious JS code into certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...

5.4 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/06/09 5:15 p.m. · 1 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...

9.6 CVSS · 6.9 AI score · 0.00282 EPSS
Exploits 1 · References 3
OSV
added 2021/11/23 8:15 p.m. · 1 views

CVE-2021-36311

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it...

7.8 CVSS · 7.2 AI score · 0.00037 EPSS
Exploits 0 · References 1
OSV
added 2021/07/22 6:15 p.m. · 0 views

AZL-6607 CVE-2021-36222 affecting package krb5 for versions less than 1.19.2-1

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation...

7.5 CVSS · 6.8 AI score · 0.06615 EPSS
Exploits 0 · References 1