11 matches found
CVE-2024-8273
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1...
CVE-2025-64095
Summary (CVE-2025-64095) : DNN (DotNetNuke) versions before 10.1.1 are vulnerable to an unrestricted file upload due to the default HTML editor provider, allowing unauthenticated users to upload and overwrite files. This can enable website defacement and, when combined with other issues, potentia...
CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This...
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
...
Linux Distros Unpatched Vulnerability : CVE-2017-2386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves...
Zulip server 安全漏洞
Zulip server is an open source team chat application from Zulip, Inc. in the United States. A security vulnerability exists in versions of Zulip server prior to 10.1, which stems from insufficient permission checking in the Delete Organizational Custom Profile Fields API, which could result in an...
PT-2024-2658 · Hitachi Vantara +1 · Hitachi Vantara Pentaho Data Integration & Analytics +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x Description: The issue is related to the disclosure of information through a server error message. It may allow a remote...
UBUNTU-CVE-2023-38315
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a trytoauthenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Service...
CVE-2021-22651
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...
CVE-2017-2495
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service application crash via a crafted web site that improperly interacts with the histor...
CVE-2016-4670
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log...