1086992 matches found
PT-2026-48454
A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...
Jenkins 代码问题漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have code vulnerabilities...
PT-2026-48412
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
National Security Agency Ghidra 代码问题漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...
FrankenPHP 输入验证错误漏洞
FrankenPHP is an open-source PHP application server developed by phpnet. In versions 1.11.2 to 1.2.3 of FrankenPHP, there was a vulnerability related to input validation errors. This vulnerability stemmed from the incorrect use of the splitPos function in cgi.go when the request path contained...
Lenovo Smart Connect 安全漏洞
Lenovo Smart Connect is a cross-device collaboration platform developed by China’s Lenovo Corporation. There is a security vulnerability in Lenovo Smart Connect for Windows. This vulnerability stems from a potential authentication bypass, which may allow locally authenticated users to execute...
Apache OFBiz 代码注入漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...
Splunk多款产品 代码问题漏洞
Splunk is a product of the American company Splunk. Splunk is a suite of data collection and analysis software. The Splunk Cloud Platform offers powerful services for data collection, processing, and analysis. Splunk Enterprise is also a suite of data collection and analysis software. Several...
Roxy-WI 输入验证错误漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...
Lenovo LanSchool Classic 代码问题漏洞
Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...
Broadcom Layer7 API Gateway 代码问题漏洞
Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...
Critical: samba security update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...
EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2300)
According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...
PT-2026-48491
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...
BoxLite 路径遍历漏洞
BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...
CVE-2026-41699: Unsafe Deserialization in Spring GraphQL
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can craft a malicious GraphQL request that can lead ...
TrueConf Windows Client < 8.5.3.884 Download of Code Without Integrity Check Vulnerability (CVE-2026-3502)
The version of TrueConf Windows Client installed on the remote host is prior to 8.5.3.884. It is, therefore, affected by a vulnerability: â A remote code execution vulnerability exists in the TrueConf Client update mechanism due to lack of cryptographic verification of update packages. An...
Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0601)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0601 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12,...
Linux Distros Unpatched Vulnerability : CVE-2026-7383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact...
Debian dsa-6332 : libokular5core10 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6332 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6332-1 [email protected] https://www.debian.org/security/...