16 matches found
iTerm2 security vulnerability
iTerm2 is a terminal emulator for Mac OS X developed by George Nachman. Versions of iTerm2 prior to 3.6.9 contain security vulnerabilities that stem from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...
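The entry above names DCS and OSC payloads in a displayed text file as the trigger. The following filter is an added example (not iTerm2 code, and not tied to the specific sequences in the advisory): it removes every string-type control sequence (DCS, OSC, SOS, PM, APC, in both ESC-prefixed and 8-bit C1 form) plus CSI and two-byte escapes from untrusted text before it is echoed to a terminal, and reports what it removed so the caller can alert on it. Sample inputs in the assertions are constructed.

```python
# Added example, not iTerm2 code: strip terminal control sequences from
# untrusted text before printing it, and report the string-type sequences
# (DCS/OSC/SOS/PM/APC) that were found. Payload values used for testing are
# constructed and carry no real exploit.

_STRING_INTRODUCERS = {"P": "DCS", "]": "OSC", "X": "SOS", "^": "PM", "_": "APC"}
_C1_INTRODUCERS = {"\x90": "DCS", "\x9d": "OSC", "\x98": "SOS", "\x9e": "PM", "\x9f": "APC"}
_KEEP_CONTROLS = "\t\n\r"


def _read_string(text, start):
    """Return (payload, index_after_terminator) for a string sequence whose
    payload begins at `start`. Terminators: ESC \\ (ST), BEL, or C1 ST (0x9c).
    An unterminated sequence swallows the rest of the input, as a terminal would."""
    j, n = start, len(text)
    while j < n:
        ch = text[j]
        if ch == "\x07" or ch == "\x9c":
            return text[start:j], j + 1
        if ch == "\x1b" and j + 1 < n and text[j + 1] == "\\":
            return text[start:j], j + 2
        j += 1
    return text[start:], n


def _skip_csi(text, j):
    """Skip a CSI body: parameter bytes, intermediate bytes, one final byte."""
    n = len(text)
    while j < n and "\x30" <= text[j] <= "\x3f":
        j += 1
    while j < n and "\x20" <= text[j] <= "\x2f":
        j += 1
    return j + 1 if j < n else j


def strip_terminal_controls(text):
    """Return (clean_text, removed). `removed` lists (kind, payload) for each
    string-type sequence so the caller can log or block the file."""
    out, removed = [], []
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c == "\x1b":
            nxt = text[i + 1] if i + 1 < n else ""
            if nxt in _STRING_INTRODUCERS:
                payload, i = _read_string(text, i + 2)
                removed.append((_STRING_INTRODUCERS[nxt], payload))
            elif nxt == "[":
                i = _skip_csi(text, i + 2)
            elif nxt == "":
                i += 1  # lone ESC at end of input
            else:
                # Other ESC sequences: optional intermediates 0x20-0x2f, one final byte.
                j = i + 1
                while j < n and "\x20" <= text[j] <= "\x2f":
                    j += 1
                i = j + 1 if j < n else j
            continue
        if c in _C1_INTRODUCERS:
            payload, i = _read_string(text, i + 1)
            removed.append((_C1_INTRODUCERS[c], payload))
            continue
        if c == "\x9b":  # 8-bit CSI
            i = _skip_csi(text, i + 1)
            continue
        # Keep printable text (including non-ASCII) and tab/newline/CR; drop other C0/C1.
        if c in _KEEP_CONTROLS or (ord(c) >= 0x20 and not 0x7f <= ord(c) <= 0x9f):
            out.append(c)
        i += 1
    return "".join(out), removed


if __name__ == "__main__":
    sample = "hello\x1b]0;title\x07 world\x1bPq#data\x1b\\!\n"  # constructed
    clean, found = strip_terminal_controls(sample)
    print(repr(clean), found)
```

A sanitizer like this is the right tool for a pager or a log viewer that must render untrusted files; the complementary control is to avoid `cat` on untrusted content and use a viewer that does not pass escape sequences through.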
WeGIA security vulnerability
WeGIA is a web manager for charitable institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contain a stored cross-site scripting (XSS) vulnerability. This allowed...
CVE-2026-35474
WeGIA is a web manager for charitable institutions. Prior to 3.6.9, an open redirect was found in the WeGIA web app. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9...
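The flaw above is a redirect parameter copied straight into a Location header. The block below is an added example in Python rather than PHP, not WeGIA's code: it reproduces the vulnerable pattern next to a validating version that accepts only site-relative paths or absolute http(s) URLs on an allowlisted host, and rejects the usual bypasses (scheme-relative `//host`, backslash variants, userinfo tricks, non-http schemes, control characters). Hostnames and paths are hypothetical.

```python
# Added example (not WeGIA's code; Python instead of PHP). A verbatim redirect
# beside a validated one. Hostnames such as app.example are hypothetical.
from urllib.parse import parse_qs, urlsplit, urlunsplit


def location_header_vulnerable(query_string):
    """Mirror of the flawed pattern: whatever ?redirect= says goes into Location."""
    params = parse_qs(query_string)
    target = params.get("redirect", ["/"])[0]
    return "Location: " + target


def safe_redirect_target(raw, allowed_hosts, default="/"):
    """Return `raw` only if it keeps the browser on this site, else `default`.

    Accepted:
      * a site-relative path beginning with exactly one "/", or
      * an absolute http(s) URL whose host is in `allowed_hosts`.
    Rejected: other schemes (javascript:, data:), scheme-relative "//host",
    backslash variants ("/\\host", which browsers read as "//host"),
    credentials in the authority ("https://good@evil"), control characters.
    """
    if not raw or any(ord(c) < 0x20 or c == "\x7f" for c in raw):
        return default
    candidate = raw.replace("\\", "/")  # browsers normalise "\" to "/" in URLs
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    try:
        hostname, port = parts.hostname, parts.port
    except ValueError:  # malformed port
        return default
    if parts.scheme in ("http", "https") and hostname in allowed_hosts:
        # Rebuild from the parsed host so any userinfo is discarded.
        host = hostname if port is None else f"{hostname}:{port}"
        return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))
    return default


def location_header_safe(query_string, allowed_hosts):
    """Hardened counterpart of location_header_vulnerable."""
    params = parse_qs(query_string)
    target = params.get("redirect", [""])[0]
    return "Location: " + safe_redirect_target(target, allowed_hosts)


if __name__ == "__main__":
    q = "redirect=https://evil.example/"  # constructed query string
    print(location_header_vulnerable(q))
    print(location_header_safe(q, {"app.example"}))
```

Where a full-URL redirect is never needed, dropping the second accepted form and allowing only relative paths is simpler and removes the host-matching surface entirely.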
WeGIA input validation vulnerability
WeGIA is a web manager for charitable institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contain an input validation vulnerability. It stems from missing validation on the /WeGIA/controle/control.php endpoint, which did not...
CVE-2026-33194
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked...
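The entry above is the general weakness of a denylist of sensitive paths: it is only as complete as the list and, without normalisation, is sidestepped by traversal. The block below is an added example, not SiYuan's code (Python rather than Go), contrasting a naive denylist, a normalised denylist, and an allowlist that confines access to a workspace root. The DENYLIST contents and all paths are hypothetical and are not SiYuan's actual list.

```python
# Added example, not SiYuan's code. DENYLIST is a hypothetical stand-in for a
# "sensitive path" list; the workspace root and file paths are constructed.
import posixpath

DENYLIST = ("/etc", "/proc", "/sys", "/boot", "/dev")


def is_sensitive_naive(path):
    """String-prefix denylist on the raw input. Misses "/./etc/passwd"; over-
    blocks "/etcetera"; catches "/etc/../root/x" only because of its prefix."""
    return any(path.startswith(entry) for entry in DENYLIST)


def is_sensitive_normalized(path):
    """Denylist applied after lexical normalisation. Traversal tricks no longer
    help, but any directory missing from DENYLIST (here /root) stays reachable."""
    norm = posixpath.normpath(path)
    return any(norm == entry or norm.startswith(entry + "/") for entry in DENYLIST)


def is_allowed(path, root):
    """Allowlist: the normalised absolute path must be `root` or lie under it.
    On a real filesystem resolve symlinks first (os.path.realpath) so a link
    inside the workspace cannot point back out of it."""
    if not path.startswith("/"):
        return False
    norm = posixpath.normpath(path)
    root = posixpath.normpath(root)
    return norm == root or norm.startswith(root + "/")


if __name__ == "__main__":
    for p in ("/./etc/passwd", "/root/.ssh/id_rsa", "/srv/workspace/../../root/.ssh/id_rsa"):
        print(p, is_sensitive_naive(p), is_sensitive_normalized(p), is_allowed(p, "/srv/workspace"))
```

The allowlist is the check to prefer: it needs no enumeration of what is dangerous, only a statement of what the application is supposed to touch.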
PT-2025-33710 · WordPress · Real Spaces - Wordpress Properties Directory Theme
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.6 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the change role member parameter during...
CVE-2024-44025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NiceJob (nicejob) allows Stored XSS. This issue affects NiceJob: from n/a through 3.6.5...
ISDO Software Web Software SQL injection vulnerability
ISDO Software Web Software is an application from ISDO Software. A SQL injection vulnerability exists in ISDO Software Web Software versions prior to 3.6, which stems from improper neutralization of special elements...
CVE-2023-35764
Insufficient verification of data authenticity in Survey Maker prior to 3.6.4 allows a remote, unauthenticated attacker to spoof an IP address when posting...
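The entry above does not say which field Survey Maker trusted, so the block below assumes the common cause of this class of bug: reading the client address from a request header that the client itself can set. It is an added example, not Survey Maker's code. It shows the naive lookup beside one that only believes forwarding headers appended by a trusted proxy; TRUSTED_PROXIES and every address are constructed.

```python
# Added example, not Survey Maker's code. Assumes (our assumption) that the
# spoofable source is a client-supplied X-Forwarded-For header. The proxy
# range and addresses are constructed.
import ipaddress

TRUSTED_PROXIES = (ipaddress.ip_network("10.0.0.0/8"),)  # hypothetical reverse proxies


def client_ip_naive(headers, remote_addr):
    """Flawed: the leftmost X-Forwarded-For entry is whatever the client sent."""
    xff = headers.get("X-Forwarded-For", "")
    first = xff.split(",")[0].strip()
    return first or remote_addr


def _is_trusted(addr, trusted):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(headers, remote_addr, trusted=TRUSTED_PROXIES):
    """Derive the client address from the transport peer plus trusted hops.

    If the TCP peer is not one of our proxies the header is client-controlled
    and ignored. Otherwise walk X-Forwarded-For from the right (the end a proxy
    appends to) and return the first hop that is not a trusted proxy. An
    unparsable hop aborts the walk and the peer address is used instead."""
    if not _is_trusted(remote_addr, trusted):
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted(hop, trusted):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break
        return hop
    return remote_addr


if __name__ == "__main__":
    # Constructed request: client spoofs 1.2.3.4, proxy 10.0.0.2 appends the real peer.
    hdrs = {"X-Forwarded-For": "1.2.3.4, 198.51.100.7"}
    print(client_ip_naive(hdrs, "10.0.0.2"), client_ip(hdrs, "10.0.0.2"))
```

Any feature that keys on the client address (one vote per IP, rate limits, audit trails) is only as trustworthy as this lookup, which is why the advisory classifies the bug as insufficient verification of data authenticity.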
PT-2024-23613 · Unknown · Zephyr Rtos
Name of the Vulnerable Software and Affected Versions: Zephyr RTOS versions prior to 3.6 Description: The issue allows a malicious BLE device to crash a BLE victim device by sending a malformed GATT packet. This can be exploited for local attacks. Network segmentation can help mitigate the risk...
PT-2024-2373 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 3.6.6 Description: The issue is related to the wolfSSL SP Math All RSA implementation being vulnerable to the Marvin attack, a new variation of a Bleichenbacher-style timing attack. This vulnerability is specific to...
PT-2023-12109 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector Installer and Uninstaller for Windows versions prior to 3.6 Description: Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows allowed execution of binaries from a low-privilege...
Dell OpenManage Enterprise operating system command injection vulnerability
Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell, Inc. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. An operating system command injection...
PT-2022-8587 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.8.2, 3.7.5, 3.6.9 and 3.5.11 Description: The issue allows users to view the grade history report without proper restrictions. Specifically, users...
b3log Symphony cross-site scripting vulnerability (CNVD-2019-34789)
b3log Symphony (Sym) is a modern open source community platform written in Java. A cross-site scripting vulnerability exists in b3log Symphony versions prior to 3.6.0, which stems from the web application's lack of proper validation of client-side data and can be exploited by an...
libtasn1: asn1_read_value_type() NULL pointer dereference
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...