14 matches found
CVE-2026-6008
CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...
CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
Linux Distros Unpatched Vulnerability : CVE-2025-13013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to arbitrary code execution...
SPH Engineering UgCS Security Vulnerability
SPH Engineering UgCS is a UAV mission planning and flight control software from the Latvian company SPH. A security vulnerability in SPH Engineering UgCS version 5.13.0 could lead to arbitrary code execution...
CVE-2025-60595
CVE-2025-60595 affects SPH Engineering UgCS 5.13.0 and enables arbitrary code execution. The included metrics indicate a network-exposed, low-complexity attack with no privileges required and no user interaction, resulting in high integrity impact and low confidentiality impact. The sources confi...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 5.13.0 and earlier, which stems from improper modal window management, and could allow an attacker to deny users access to a desktop application by...
CVE-2025-58084 Mattermost Desktop App crashes when clicking on malformed external URL
Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...
EUVD-2025-26363
Malicious code in bioql PyPI...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. ChurchCRM version 5.13.0 is vulnerable to a reflected cross-site scripting attack that allows session credentials to be stolen...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions: the EID parameter is concatenated directly into a SQL query without proper sanitization, which makes it susceptible to SQL injection...
Zoom Client Path Traversal Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.0. An attacker can exploit this vulnerability to read and write the Zoom application data directory...
CVE-2018-12408
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incomin...
UBUNTU-CVE-2015-5254
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object...