20 matches found
CVE-2025-71211
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...
EUVD-2017-2539
Malware in sbrugna...
EUVD-2012-0466
Malware in sbrugna...
PT-2024-31692 · Identity Automation · Rapididentity Lts +1
Name of the Vulnerable Software and Affected Versions: RapidIdentity LTS versions 2023.0.2 and earlier RapidIdentity Cloud versions 2024.08.0 and earlier Description: The issue allows a remote attacker to cause a denial of service via the username parameters by improperly restricting excessive...
GHSA-93C5-RJ2P-W52X Cross-site Scripting (XSS) in mindsdb/mindsdb
When a user uploads a CSV file that contains a JavaScript payload, a Cross-site Scripting (XSS) is triggered when the file is viewed. This is true for both cloud version and OSS version...
Cross-site Scripting (XSS) in mindsdb/mindsdb
When a user uploads a CSV file that contains a JavaScript payload, a Cross-site Scripting (XSS) is triggered when the file is viewed. This is true for both cloud version and OSS version...
ClickHouse Security Breach
ClickHouse is ClickHouse's fastest and most resource-efficient open source database for real-time applications and analytics. A security vulnerability exists in ClickHouse prior to 24.1, ClickHouse Cloud prior to 24.0.2.54535, which stems from an access control bypass when query caching is enable...
SUSE CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-38494 The cloud version of the MeterSphere interface leaks some sensitive data without authentication
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
CVE-2023-38494 The cloud version of the MeterSphere interface leaks some sensitive data without authentication
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
PT-2022-6152 · Sap · Sap Customer Data Cloud
Name of the Vulnerable Software and Affected Versions: SAP Customer Data Cloud Gigya mobile app for Android version 7.4 Description: The issue is related to an insufficiently robust encryption method used by the software, which lacks proper diffusion and does not effectively hide patterns. This c...
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
Design/Logic Flaw
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
CVE-2022-23166 Sysaid – Sysaid Local File Inclusion (LFI)
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
CVE-2021-36696
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting XSS vulnerability in social media links on a user profile due to lack of input validation...
QNAP NAS Security Vulnerability
Qnap Systems QNAP NAS running Multimedia Console is an application from China Weilian Qnap Systems. A Multimedia Console. A security vulnerability exists in QNAP NAS that stems from insecure storage of sensitive information in myQNAPcloud Link. The following products and versions are affected: QN...
CloudLock win_3.1.18.12 public cloud version suffers from sql injection bypass vulnerability
CloudLock is a free server security management software based on operating system kernel hardening technology, which supports cross-platform real-time, batch and remote security management of windows/linux servers. CloudLock Win3.1.18.12 public cloud version suffers from a sql injection bypass...
Adobe Creative Cloud Security Update (APSB19-39) - Mac OS X
Adobe Creative cloud is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...
IBM InfoSphere Information Server Privilege Mobilization Vulnerability
IBM InfoSphere Information Server is a suite of data integration platforms from IBM in the United States, which can be used to integrate data and information obtained from various sources. An elevation of privilege vulnerability exists in IBM InfoSphere Information Server version 11.7.1 and...