10 matches found
CVE-2020-37230 Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSyste...
CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
EUVD-2025-32140
Malicious code in bioql PyPI...
PT-2025-32921 · Adobe · Substance3D - Sampler
Name of the Vulnerable Software and Affected Versions: Substance3D - Sampler versions 5.0.3 and earlier. Description: Substance3D - Sampler is affected by an out-of-bounds read issue that may result in the disclosure of sensitive memory. Exploitation of this issue requires user interaction,...
OpenHarmony Security Vulnerability
OpenHarmony is an open source project, a kind of Hongmeng operating system, from the OpenAtom Foundation in China. A security vulnerability exists in OpenHarmony v5.0.3 and earlier versions that stems from type confusion and could cause an application to crash...
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS)...
DEBIAN-CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution...
Juniper ATP Cross-Site Scripting Vulnerability (CNVD-2019-24381)
Juniper Advanced Threat Prevention (ATP) is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Golden VM menu in Juniper ATP...
Cisco Ultra Services Framework Unauthorized Access Vulnerability
Cisco Ultra Services Framework is an intelligent online service delivery platform from Cisco. Ultra Automation Service is one of the automation services. A security vulnerability exists in Cisco Ultra Services Framework for UAS versions prior to 5.0.3 and prior to 5.1. A remote attacker could...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2017-11315)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the user/index.php fil...