21 matches found
PYSEC-2026-270 OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
EUVD-2026-34977
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-38934
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...
PT-2025-46417
Name of the Vulnerable Software and Affected Versions Intel(R) PresentMon versions prior to 2.3.1 Description The software has default permissions that, in some cases, may allow for an escalation of privilege. An unprivileged software adversary with an authenticated user and a high complexity attac...
PT-2025-44651
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A performance degradation can occur when expanding environment variables using the os.path.expandvars function if the value passed to it is user-controlled. The function os.path.expandvars is susceptible to th...
CVE-2019-9087
HotelDruid before v2.3.1 has SQL Injection via the /tabtariffe.php numtariffa1 parameter...
CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0...
PT-2025-7185
Name of the Vulnerable Software and Affected Versions: Kunal Shivale Global Meta Keyword & Description versions prior to 2.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...
PT-2024-12725 · Unknown · Averta Phlox Portfolio
Name of the Vulnerable Software and Affected Versions: Averta Phlox Portfolio versions prior to 2.3.1 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This means that an...
PT-2024-18267 · Oracle · Sqlplus
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) Description: The invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin allows the extraction of this...
UBUNTU-CVE-2023-4758
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV...
GPAC Code Issue Vulnerability
GPAC is an open source multimedia framework. A code issue vulnerability exists in versions prior to GPAC 2.3-DEV that stems from a NULL pointer dereference in gpac...
PT-2025-5323
Name of the Vulnerable Software and Affected Versions visionOS versions prior to 2.3 Safari versions prior to 18.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 Description The issue is...
libspdm Security Vulnerability
libspdm is a DMTF open source example implementation that follows the DMTF SPDM specification. A security vulnerability exists in libspdm versions prior to 2.3.3 and 3.0, which stems from a vulnerability that allows an unauthenticated requestor to store and use a respondent's CTExponent value...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to GPAC 2.3.0-DEV that stems from the presence of a heap-based buffer overflow...
GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...
DEBIAN-CVE-2018-1110
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service...
Magento Code Execution Vulnerability (CNVD-2019-39393)
Magento is an open source PHP e-commerce system from the US company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9 and version 2.3...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2019-16513)
Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from the US company Cisco. A denial of service vulnerability exists in Session Initiation Protocol (SIP) call processing in Cisco Meeting Server (CMS) versions...
Zend Framework Cross-Site Request Forgery Vulnerability
Zend Framework (ZF) is an open source PHP5 development framework developed by the US company Zend, mainly used for the development of Web programs and services. A cross-site request forgery vulnerability exists in Zend/Validator/Csrf in version 2.3.x prior to ZF 2.3.6. A remote...