11 matches found
CVE-2026-40098
CVE-2026-40098 affects OpenMage LTS (Magento-based) prior to version 20.17.0. The shared wishlist add-to-cart endpoint improperly authorizes via a public sharing_code while loading the target wishlist item by a separate global wishlist_item_id, failing to verify ownership. This enables an attacke...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from fixed session IDs and bypasses of session regeneration, which could lead ...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability in...
AVideo 安全漏洞
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checking in the upload function that could cause an authenticated user to upload files to another user...
EUVD-2025-33366
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
PT-2023-17292
Name of the Vulnerable Software and Affected Versions Eskom Water Metering Software versions prior to 23.04.06 Description The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special...
SUSE CVE-2012-2831
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references...
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...
UBUNTU-CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
CVE-2020-24458
Incomplete cleanup in some IntelR PROSet/Wireless WiFi and Killer TM drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service via adjacent access...
Intel PROSet/Wireless WiFi Software Elevation of Privilege Vulnerability
Intel Dual Band Wireless-AC 3160 and others are wireless network cards from Intel Corporation USA.Intel PROSet/Wireless WiFi Software is the set of software that runs on it. The software includes Wi-Fi drivers, wireless software extensions, and Wi-Fi connectivity utilities. A security vulnerabili...