1630 matches found
Microsoft Lightweight Directory Access Protocol(LDAP) 输入验证错误漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that operates on a layer above the TCP/IP stack. An input validation error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit...
Microsoft Windows SMB Server 竞争条件问题漏洞
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Microsoft Windows 信息泄露漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. Microsoft Windows suffers from an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. The following...
Microsoft Windows Remote Procedure Call Runtime 资源管理错误漏洞
Microsoft Windows Remote Procedure Call Runtime is a powerful technology for creating distributed client/server programs from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows Remote Procedure Call Runtime. An attacker could exploit the vulnerability...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. Microsoft Windows suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to gain elevated privileges. The following products and versions are...
CVE-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...
CVE-2019-7095
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
CVE-2025-53523
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
CVE-2025-61987
CVE-2025-61987 affects GroupSession variants: Free edition prior to 5.3.0, byCloud prior to 5.3.3, and ZION prior to 5.3.2. The root cause is lack of origin validation in WebSockets, which may allow exposure of chat information to users accessing crafted pages. Affected software is GroupSession (...
CVE-2025-61950
CVE-2025-61950 affects Japan Total System GroupSession family (Free edition before ver5.3.0, byCloud before ver5.3.3, ZION before ver5.3.2). Description: an authenticated user can bypass authorization and alter the memo field of a Circular notice due to an improper authorization check. Impact des...
CVE-2025-12562
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...
PT-2025-50878
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.
Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.3.1. Vulnerability Details CVEID:CVE-2025-61748 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...
CVE-2025-8405
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...
CVE-2025-8405
Removed by vendor...
CVE-2025-14157 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...
CVE-2025-64499
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...
Description of the security update for Office 2016: December 9, 2025 (KB5002812)
None None...
Microsoft Windows Storage 访问控制错误漏洞
Microsoft Windows Storage is a data storage solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Storage. An attacker could exploit this vulnerability to elevate privileges. The following products and editions are affected:Windows 10 Version...