EUVD-2018-21789
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
VulnCheck KEV: CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...
CVE-2025-58744 Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...
CVE-2023-45806
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...
CVE-2021-47697 Nagios XI < 5.8.0 XSS via Views URL Handling
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2021-47696
Nagios XI prior to 5.8.0 is vulnerable to cross-site scripting (XSS) via BPI config ID handling. The issue arises from insufficient input validation/escaping of user-supplied data in BPI config ID processing, enabling an attacker to inject script executed in a victim’s browser. Affected product: ...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.8.0 that stems from insufficient validatio...
PT-2025-44550
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.0. Description: The software is susceptible to stored cross-site scripting (XSS) through the My Tools page. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and execute...
PT-2025-44552
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.0. Description: Nagios XI versions prior to 5.8.0 are susceptible to cross-site scripting (XSS) through the Views feature's URL handling. Insufficient validation or escaping of user-supplied input could allow an...
Amazon Linux 2 : glibc, advisory ALAS2-2025-3040 (ALAS-2025-3040)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3040 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It...
CVE-2025-29154
HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacaotreinamento/, .galera.app/rh/metas/perspectivaestrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/,...
Scontain SCONE Security Vulnerability
Scontain SCONE is a secure container environment from Scontain. A security vulnerability exists in Scontain SCONE version 5.8.0, which stems from the presence of an interface vulnerability that can lead to state corruption via injection signals...
PT-2024-33052 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: radare2 versions 5.8.0 through 5.9.4 Description: The issue allows a local attacker to cause a denial of service via the bf div function. Recommendations: For radare2 versions 5.8.0 through 5.9.4, consider disabling the bf div function as a...
Mattermost Desktop App Security Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.8.0 and prior versions, which stems from a failure to protect the screen capture functionality. An attacker can exploit the vulnerability to silently...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v5.8.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Family Name parameter under the Register a New...
PT-2024-24871 · WordPress · Wp Travel Engine
Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in WP Travel Engine. This vulnerability affects WP Travel Engine versions prior to 5.8.0. Recommendations: For WP Travel Engin...