708 matches found
OESA-2026-1010 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resour...
OESA-2026-1009 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resour...
CVE-2020-24146
Directory traversal in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action...
CVE-2025-2154
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025...
CVE-2025-2155
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...
CVE-2025-2154
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...
EUVD-2025-205285
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025...
CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...
CVE-2025-2155
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...
CVE-2025-2154
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...
CVE-2025-2154 Stored XSS in EchoCCS's Specto CM
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...
CVE-2025-2154
CVE-2025-2154 is a Stored XSS vulnerability affecting Specto CM (Echo Specto Call Center Management) prior to version 17032025, caused by improper input neutralization during web page generation. The issue is documented across multiple sources (NVD, Red Hat, CVE listing) as a stored XSS in Specto...
EUVD-2025-205286
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025...
Echo Specto CM 跨站脚本漏洞
Echo Specto CM is a call center management system from Echo Turkey. A cross-site scripting vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...
PT-2025-53295
Name of the Vulnerable Software and Affected Versions Specto CM versions prior to 17032025 Description Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions...
WordPress plugin CM On Demand Search And Replace 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-51381
Name of the Vulnerable Software and Affected Versions CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.4 Description An authorization issue exists in CreativeMindsSolutions CM On Demand Search And Replace, allowing exploitation due to incorrectly configured access contr...
kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...
CVE-2020-36873
The CVE-2020-36873 entry affects Astak CM-818T3 2.4GHz wireless security cameras. A vulnerability exists in the /web/cgi-bin/hi3510/backup.cgi endpoint that allows remote, unauthenticated download of a compressed configuration backup, potentially exposing administrative credentials and other sens...
CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...