21 matches found
EUVD-2026-39778
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
Spacelabs Healthcare Sentinel 安全漏洞
Spacelabs Healthcare Sentinel is a cardiology information management system developed by Spacelabs Healthcare in the United States. Vulnerabilities exist in Spacelabs Healthcare Sentinel versions 10.5.x and later, as well as versions 11.6.0 and earlier under the 11.x.x range. These vulnerabilitie...
EUVD-2026-12627
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
CVE-2022-22579
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application...
CVE-2023-29100
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Dream-Theme The7 plugin = 11.6.0 versions...
PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise
Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...
SeaCMS Denial of Service Vulnerability (CNVD-2024-37629)
SeaCMS is designed to solve the core needs of station owners and content management system, a set of programs to adapt to computers, cell phones, tablets, APP multiple terminal entrances, without any encryption code, safe and secure, is the best station building tools. SeaCMS 11.6 version of the...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6. An attacker exploits the vulnerability to access and take over resources via specially crafted HTTP requests...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo version 11.6 suffers from a SQL injection vulnerability that stems from a sql injection vulnerability in the ObjectYPT function. An attacker can use this vulnerability to cause an sql injection via a specially...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo version 11.6 suffers from a SQL injection vulnerability that stems from a sql injection vulnerability in the ObjectYPT function. An attacker can use this vulnerability to cause an sql injection via a specially...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...
PT-2022-14124 · WordPress · Very Simple Contact Form
Name of the Vulnerable Software and Affected Versions: Very Simple Contact Form WordPress plugin versions prior to 11.6 Description: The issue allows bots to bypass the captcha check by exposing the solution in the rendered contact form as hidden input fields and plain text, making the page a...
HCL Technologies HCL Sametime 安全漏洞
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6 that could be exploited by attackers to conduct clickjacking attacks in conference chats...
SeaCMS 安全漏洞
SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 11.6, which stems from the discovery of a Remote Command Execution RCE vulnerability containing a...
Wwbn Avideo 跨站脚本漏洞
Wwbn Avideo is a video platform builder written in PHP by the Wwbn WWBN team. A security vulnerability exists in objects/function.php in the function getDeviceID in Wwbn Avideo before 11.6, which allows an attacker to view /include/head.php with the yptDevice parameter...
PT-2022-15910 · Netapp · Storagegrid
Name of the Vulnerable Software and Affected Versions: StorageGRID formerly StorageGRID Webscale versions prior to 11.6.0 Description: The issue allows disabled, expired, or locked external user accounts to access S3 data to which they previously had access. In StorageGRID 11.6.0, the user accoun...
PT-2021-2432 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.6 Description: The issue is related to the rtw wx set scan function in the Linux kernel, which allows writing beyond the end of the -ssid array. This can lead to a buffer overflow in memory. The exploitation...