CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

elFinder SQL注入漏洞

ElFinder is an open-source web file manager developed by Studio 42. Versions of ElFinder prior to 2.1.68 contained a SQL injection vulnerability. This vulnerability stemmed from an SQL injection flaw in the MySQL volume driver, allowing any logged-in user to inject SQL statements through a...

EUVD-2026-26393

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...

Arbitrary File Deletion

Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...

SUSE CVE-2025-68183

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

UBUNTU-CVE-2025-68183

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

SUSE CVE-2025-66410

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...

CVE-2025-39689

CVE-2025-39689 affects the Linux kernel’s ftrace filter handling. The issue arose because readers (set_ftrace_filter/set_ftrace_notrace) kept a pointer to the global tracer hash, unlike writers who copy the hash. The pointer could remain static across calls that release locks and update the globa...

CVE-2025-21465

Information disclosure while processing the hash segment in an MBN file...

Description of the security update for Visual Studio 2015 Update 3: July 8, 2025 (KB5063035)

Description of the security update for Visual Studio 2015 Update 3: July 8, 2025 KB5063035 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Summary An elevation of privilege vulnerability exists in the Diagnostics Hub Standard Collector if it handles file operations...

Description of the security update for PowerPoint 2016: July 8, 2025 (KB5002746)

Description of the security update for PowerPoint 2016: July 8, 2025 KB5002746 Summary This security update resolves a Microsoft PowerPoint remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following...

End of support for Office 2016 and Office 2019

None None...

Description of the security update for Office Online Server: April 8, 2025 (KB5002699)

Description of the security update for Office Online Server: April 8, 2025 KB5002699 Summary This security update resolves a Microsoft Excel remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following...

Description of the security update for OneNote 2016: April 8, 2025 (KB5002622)

Description of the security update for OneNote 2016: April 8, 2025 KB5002622 Summary This security update resolves a Microsoft OneNote security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-29822. Note: To apply th...

Description of the security update for Office 2016: April 8, 2025 (KB5002588)

Description of the security update for Office 2016: April 8, 2025 KB5002588 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-26642. Note: To apply this...

Description of the security update for Office 2016: April 8, 2025 (KB5002703)

Description of the security update for Office 2016: April 8, 2025 KB5002703 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-26642. Note: To apply this...

Description of the security update for Access 2016: April 8, 2025 (KB5002701)

Description of the security update for Access 2016: April 8, 2025 KB5002701 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-26642. Note: To apply this...

Description of the security update for Office 2016: April 8, 2025 (KB5002669)

Description of the security update for Office 2016: April 8, 2025 KB5002669 Summary This security update resolves a Microsoft Office elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-27744. Note: To apply this...

Description of the security update for Access 2016: March 11, 2025 (KB5002697)

Description of the security update for Access 2016: March 11, 2025 KB5002697 Summary This security update resolves a Microsoft Access remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-26630. Note: To apply this...

Description of the security update for Excel 2016: March 11, 2025 (KB5002696)

Description of the security update for Excel 2016: March 11, 2025 KB5002696 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...