13 matches found
Missing Authorization
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Missing Authorization in the filedelete process. An attacker can permanently delete files from folders where they only have view acce...
CVE-2026-41076
RT authentication bypass via LDAP affects versions 5.0.9 and earlier and 6.0.0–6.0.2, where certain LDAP configurations allow login as any LDAP-backed RT user without valid credentials. The issue is fixed in RT 5.0.10 and 6.0.3. Recommended remediation: upgrade to the fixed versions; if upgrading...
EUVD-2026-31500
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...
WordPress Plugin RSS Aggregator Cross-Site Script Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-63214
An issue was discovered in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-10 and 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts...
CVE-2023-35907
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
HP Device Manager Command Injection Vulnerability
HP Device Manager (HPDM) is a device manager from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Device Manager versions prior to 5.0.10 that stems from the presence of a command execution or elevation of privilege vulnerability...
HP Device Manager Command Injection Vulnerability
HP Device Manager (HPDM) is a device manager from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Device Manager versions prior to 5.0.10 that originates from allowing command injection or elevation of privilege...
HP Device Manager Command Injection Vulnerability
HP Device Manager (HPDM) is a device manager from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Device Manager versions prior to 5.0.10 that stems from the presence of a command execution or elevation of privilege vulnerability...
PT-2023-20592 · Hewlett Packard · Hp Device Manager
Name of the Vulnerable Software and Affected Versions: HP Device Manager versions prior to 5.0.10. Description: The issue potentially allows command injection and/or elevation of privileges. Recommendations: For versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue...
DEBIAN-CVE-2021-3470
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to a potential out-of-bounds write or process crash. Effectively this flaw does not affect the vast majority of users, who use...
finecms Weixin.php file cross-site scripting vulnerability
finecms is a content management system (CMS) developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the Weixin.php file in finecms version 5.0.10. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...