39 matches found
CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path
Jellyfin is an open source, self-hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...
CVE-2026-42753
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Membership: from n/a through <= 2.11.10...
📄 Ivanti 11.10 MobileIron Vulnerability Scanner
This PHP-based scanner detects unauthenticated access vulnerabilities in Ivanti EPMM / MobileIron products. The issue allows attackers to retrieve sensitive user information via exposed API endpoints. Version 11.10 is affected...
CVE-2025-56590
An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...
CVE-2025-14733
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability...
CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
VulnCheck KEV: CVE-2023-5285
A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...
WordPress Modula Image Gallery plugin <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by SavPhill Savphill in WordPress Plugin Modula Image Gallery versions <= 2.11.10...
PT-2024-16494 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10. Description: A critical issue was found in Tongda OA, affecting an unknown function of the file /pda/appcenter/check seal.php. The manipulation of the ID argument leads to SQL injection. It is possible to launch...
PT-2024-16436 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10. Description: A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the ID argument leads to SQL injection. The...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 6.50 through 11.10, which stems from the Guard Tour VAPIX API parameter that allows the use of arbitrary values...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 8.40 through 11.10. An attacker exploiting the vulnerability could enumerate folder or file names on the local file system...
PT-2024-20639 · Unknown · The Prime Slider – Addons For Elementor
Name of the Vulnerable Software and Affected Versions: BdThemes Prime Slider – Addons For Elementor versions 3.11.10 and earlier. Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices...
CVE-2024-1252
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to sql injection. The exploit has been disclosed to...
PT-2024-17638 · Unknown · Tongda Oa 2017
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9. Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...
CVE-2023-6611
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAILID leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2023-39337
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious...
CVE-2023-6084
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to sql injection. The exploit has been disclosed to the public and ma...
CVE-2023-6054
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERMIDSTR leads to sql injection. The exploit has been disclosed to the public and may be used...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...