11 matches found
EUVD-2026-16575
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects Sentinel LDK Runtime: before 10.22...
VulnCheck KEV: CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
NewStart CGSL MAIN 6.06 : gcc Vulnerability (NS-SA-2025-0227)
The remote NewStart CGSL host, running version MAIN 6.06, has gcc packages installed that are affected by a vulnerability: - The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy...
PT-2024-37791 · Unknown · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: lollms-webui versions prior to 10 Description: A CORS misconfiguration allows attackers to steal sensitive information, such as logs, browser sessions, and settings containing private API keys from other services. This issue can also enable...
PT-2023-31801 · Unknown · Sandbox Accounts For Events
Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0 Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events,...
CVE-2020-7846
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...
CVE-2020-1788
Honor V30 smartphones with versions earlier than 10.0.1.135C00E130R4P1 have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application that calls their interface. An attacker could trick the user into installing a malicious...
Red Hat Infinispan Elevation of Privilege Vulnerability
Red Hat Infinispan is distributed caching and key-value NoSQL data storage software from Red Hat. A security vulnerability exists in versions prior to Red Hat Infinispan 10.0.0 Final. An attacker could exploit the vulnerability to invoke private methods with Infinispan privileges...
Apple Xcode LLVM Component Memory Corruption Vulnerability
Apple Xcode is an integrated development environment from Apple (United States), mainly used for developing Mac OS X and iOS applications. LLVM (Low Level Virtual Machine) is a framework, developed by the LLVM team, for building compilers...
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization...
Apache Batik Information Disclosure Vulnerability (CNVD-2018-10557)
Apache Batik (also known as Batik SVG Toolkit or Batik Java SVG Toolkit) is a set of Java-based applications from the Apache Software Foundation (U.S.), mainly used to process SVG images. An information disclosure vulnerability exists in Apache Batik versions 1.x prior to 1.10. An...