15 matches found
CVE-2026-48306 Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
EUVD-2026-23462
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...
Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...
VulnCheck KEV: CVE-2026-1207
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...
CVE-2025-14101
Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0...
CVE-2025-62876
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4...
CVE-2024-11142 CSRF in Gosoft Software's Proticaret E-Commerce
Cross-Site Request Forgery CSRF vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05...
Vulnerability fixed in NetApp SnapCenter
NetApp has fixed a vulnerability in SnapCenter Specifically for versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...
CVE-2024-13244
CVE-2024-13244 concerns Drupal Migrate Tools, a Drupal module for migrations. Multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in Migrate Tools, affecting versions 0.0.0 through 6.0.2 (vulnerability before 6.0.3). The underlying issue allows an authenticated administrato...
firefly-iii 输入验证错误漏洞
firefly-iii is a free and open source personal finance manager. An input validation error vulnerability exists in firefly-iii versions prior to 6.0.0 that stems from improper input validation...
PT-2022-9421 · Npm +4 · @Braintree/Sanitize-Url +4
Name of the Vulnerable Software and Affected Versions: @braintree/sanitize-url versions prior to 6.0.0 Description: The issue is related to Cross-site Scripting XSS due to improper sanitization in the sanitizeUrl function. This allows for potential XSS attacks. Recommendations: For versions prior...
UBUNTU-CVE-2019-2556
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...