13 matches found
CVE-2025-15540
The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540
The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540 Authenticated RCE in Raytha CMS
The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540 Authenticated RCE in Raytha CMS
The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
Raytha CMS Code Injection Vulnerability
Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate .NET components a...
CVE-2026-26127
A flaw was found in .NET. An unauthorized attacker can exploit an out-of-bounds read vulnerability over a network, leading to a Denial of Service (DoS). This can prevent legitimate users from accessing the affected service. Mitigation: To mitigate this issue, restrict network access to applications...
MiracleLinux 8 : dotnet8.0-8.0.110-1.el8_10.ML.1 (AXSA:2024-8896:17)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8896:17 advisory. dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229). dotnet: Multiple .NET componen...
Linux Distros Unpatched Vulnerability : CVE-2025-55248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
PT-2025-41166
Name of the Vulnerable Software and Affected Versions: Dependency-Track versions prior to 4.13.5. Description: Dependency-Track is a component analysis platform used for managing software supply chain risk. Versions prior to 4.13.5 may inadvertently transmit credentials intended for a private NuGet...
dotnet: Multiple .NET components susceptible to hash flooding
A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...
dotnet: Multiple .NET components susceptible to hash flooding
A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...
dotnet: Multiple .NET components susceptible to hash flooding
A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...