19 matches found
EUVD-2026-36913
Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...
Astra Linux – Vulnerability in LibreOffice
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...
SUSE CVE-2026-33902
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...
CVE-2026-39325
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...
EUVD-2026-20566
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...
CVE-2026-39344 Reflected XSS the login page through the 'username' parameter
ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting XSS vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...
EUVD-2026-14774
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
CVE-2026-25986
CVE-2026-25986 affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. Root cause: a heap buffer overflow in ReadYUVImage() (coders/yuv.c) occurs when processing malicious YUV 4:2:2 (NoInterlace) images, where the pixel-pair loop writes beyond the allocated row buffer. Impact (as stated): a...
Veritas Data Insight 安全漏洞
Veritas Data Insight is a Veritas solution that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1, which stems from vulnerability to cross-site scripting attacks that allow remote attackers to inject arbitrary...
CVE-2023-47262
The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit...
SUSE CVE-2014-1290
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...
ZOHO ManageEngine ADManager Plus 安全漏洞
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
DEBIAN-CVE-2021-31317
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated...
wildfly-core: Cross-site scripting (XSS) in JBoss Management Console
A cross-site scripting XSS vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users...
DEBIAN-CVE-2017-7890
The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 bytes from the top of the...
VMware vRealize Automation Remote Command Execution Vulnerability
VMware vRealize Automation is a suite of cloud automation software from VMware. The software supports automated delivery of personalized infrastructure, deployment across multi-vendor, hybrid cloud infrastructures, simplified application release automation and continuous delivery. A remote code...
UBUNTU-CVE-2016-0777
The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...
DEBIAN-CVE-2012-4547
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors...