16 matches found
CVE-2025-15565
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...
Failed to create a restore point: PostgreSQL database operation failed multiple times with transient error.
Challenge: After upgrading to Veeam Backup for Microsoft 365 8.2 or 8.3, jobs fail with the error: Failed to create a restore point: PostgreSQL database operation failed multiple times with transient error. Cause: This issue occurs because various one-time PostgreSQL queries that the software...
CVE-2025-45753
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...
Vtiger CRM Open Source Edition Security Vulnerability
Vtiger CRM Open Source Edition is a customer relationship management software from Vtiger, Inc. A security vulnerability exists in Vtiger CRM Open Source Edition version v8.3.0, which stems from the Services Import feature not properly cleaning up user input and could lead to a stored cross-site...
Accellion Kiteworks Security Vulnerability
Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.x and version 8.x prior to 8.3.0, which stems from the presence of directory traversal that can lead to unauthenticated file read, file delete, and file write operations...
UBUNTU-CVE-2024-21090
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successf...
Atlassian Confluence Security Vulnerability
Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build an enterprise wiki. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of a remot...
CVE-2023-32878
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...
Adobe Substance 3D Painter Buffer Error Vulnerability
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
PT-2023-2739 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Painter versions 8.3.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability in the program, which could lead to the disclosure of sensitive memory. An attacker could leverage this vulnerabili...
WordPress plugin WP VR Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-3899 · General Electric · Inet +1
Name of the Vulnerable Software and Affected Versions: General Electric Renewable Energy iNET and iNET II versions prior to 8.3.0 Description: The issue is related to inadequate encryption strength in the software of General Electric Renewable Energy's iNET and iNET II products. This could allow ...
Denial of Service Vulnerability in CSC-830 of Beijing Sifang Relay Automation Co.
CSC830 PLC is a compact controller for small and medium-sized discrete automation systems and stand-alone automation systems from Beijing Sifang Relay Automation Co. A denial of service vulnerability exists in the Beijing Sifang Relay Automation Company Limited CSC-830, which can be exploited by ...
Unspecified Vulnerability in Oracle Enterprise Session Border Controller
Oracle Enterprise Session Border Controller (E-SBC) connects disparate Internet Protocol (IP) communications networks while mitigating security threats, resolving interoperability issues, and ensuring reliable communications. A security vulnerability exists in the File Upload component in Oracle...
CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3)...