13 matches found
CVE-2025-54373
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...
Masa CMS SQL注入漏洞
Masa CMS is a digital experience platform. A SQL injection vulnerability exists in MASA CMS versions prior to 7.4.6, prior to 7.3.13, and prior to 7.2.8, which stems from a SQL injection in the processAsyncObject method that could lead to remote code execution...
CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
Fortinet FortiMail 安全漏洞
Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as e-mail security and data protection. A security vulnerability exists in Fortinet FortiMail versions 7.6.0 through 7.6.1 and prior to 7.4.3, which originates from a stack buffer...
Alvaria Unified IP Unified Director 安全漏洞
Alvaria Unified IP Unified Director is a multichannel unified communications platform from Alvaria, Inc. that is primarily used for contact center management and customer interaction management. A security vulnerability exists in Alvaria Unified IP Unified Director prior to version 7.4 SP2, which...
UBUNTU-CVE-2024-31227
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
VulnCheck KEV: CVE-2015-8813
The PageLoad function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery SSRF attacks via the url parameter...
Silicon Labs EmberZNet Security Vulnerability
Silicon Labs EmberZNet is a complete Zigbee protocol package from Silicon Labs, Inc. that contains all the elements required for robust and reliable mesh networking applications on the Silicon Labs Ember platform. A security vulnerability exists in Silicon Labs EmberZNet prior to version v7.4.0,...
Fortra GoAnywhere MFT Security Vulnerability
Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.4.1. An attacker exploited the vulnerability to bypass authentication in order to create an administrator user through the management portal...
Accellion Kiteworks SQL注入漏洞
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. A SQL injection vulnerability exists in Accellion Kiteworks versions prior to 7.4.0. An attacker could exploit the vulnerability to obtain sensitive database...
CVE-2020-14175
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2...
PT-2018-1896 · Openssh +5 · Openssh +5
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.4 Description: The issue is related to a denial of service caused by a NULL pointer dereference and daemon crash in OpenSSH. This can be triggered by remote attackers via an out-of-sequence NEWKEYS message, as...
DotNetNuke Security Bypass Vulnerability
DotNetNuke DNN is a set of U.S. DNN company supported by Microsoft, based on the ASP.NET platform for open source content management system CMS. A security vulnerability exists in the installationwizard in versions of DNN prior to 7.4.1. A remote attacker can exploit the vulnerability by sending ...