18 matches found
nbconvert 路径遍历漏洞
nbconvert is a format conversion library from the Jupyter organization. It converts Jupyter .ipynb notebook files into other static formats, including HTML, LaTeX, PDF, Markdown, etc. Version 6.5 to 7.17.0 of nbconvert has a path traversal vulnerability. This vulnerability stems from the improper...
EUVD-2025-209116
Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...
CVE-2025-66291
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66290
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...
CVE-2025-66290 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...
CVE-2025-66289
Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...
CVE-2023-43982
Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
CVE-2023-45498
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...
PT-2023-8529 · Vinchin · Vinchin Backup & Recovery
Name of the Vulnerable Software and Affected Versions: VinChin Backup & Recovery versions 5.0. through 7.0. Description: The issue is related to hardcoded credentials in the software. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected...
CVE-2023-28470
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...
CVE-2023-22283
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacke...
CVE-2022-32192
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor...
Cloudera Manager 跨站脚本漏洞
Cloudera Manager is an end-to-end application for managing CDH clusters.Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. are vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via path parameters...
CVE-2017-0643
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,...
Samsung Information Disclosure Vulnerability
Samsung Android M and others is an Android smartphone from Samsung South Korea. A security vulnerability exists in Samsung mobile devices using Android L 5.0/5.1, M 6.0 and N 7.x versions. An attacker can exploit the vulnerability by reading log files to obtain sensitive information...
CVE-2016-7087
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2016-3885
debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACEATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal b...