18 matches found
Craft CMS Code Issue Vulnerability
Craft CMS is an open-source content management system (CMS) developed by Craft Studio. Craft CMS contains a code vulnerability that attackers can exploit through server-side request forgery. The following versions are affected: from version 4.x to 4.17.8, and from versi...
CVE-2026-25532
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
QNAP QTS Multiple Vulnerabilities (QSA-25-45)
QNAP QTS is prone to multiple vulnerabilities.
CVE-2025-49810
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access, which allows a user to read a thread via AI posts...
Eppler Software WebTester Security Vulnerability
Eppler Software WebTester is an online exam and quiz platform from Eppler Software. A security vulnerability exists in Eppler Software WebTester version 5.x. The vulnerability stems from a failure to sanitize user input in the install2.php script, which could lead to remote command execution...
Adobe Photoshop Resource Management Error Vulnerability
Adobe Photoshop is a suite of image processing software from the American company Adobe. The software is primarily used for processing images. A resource management error vulnerability exists in Adobe Photoshop versions 24.x prior to 24.7.3, and 25.x prior to 25.9.1, which stems from bein...
Chef InSpec Code Injection Vulnerability
Chef Software Chef InSpec is an open source automated testing and compliance checking framework from Chef Software designed to help developers and operations teams write, run, and maintain automated test scripts to validate the compliance and security of applications and infrastructure. A securit...
PT-2023-15103 · Vocera · Vocera Voice Server +2
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for a Path Traversal during an Unzip operation. The Vocera Report Console contains a websocket function that allows for the...
Fortinet FortiWeb Buffer Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in Fortinet...
PT-2023-11820 · Ionicabizau · Node-Gry
Name of the Vulnerable Software and Affected Versions: IonicaBizau node-gry versions up to 5.x Description: A critical issue was found, affecting an unknown part of the software, leading to command injection. The estimated number of potentially affected devices worldwide is not available. There i...
PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x Description: The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...
PT-2021-7842 · Rockwell Automation · Isagraf Runtime
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue is related to errors in handling relative paths to directories with limited access in the eXchange Layer (IXL) component of the Rockwell Automation ISaGRAF...
VMware Horizon Client Elevation of Privilege Vulnerability
VMware Horizon Client is a client application for connecting to VMware Horizon virtual desktops from VMware. An elevation of privilege vulnerability exists in VMware Horizon Client 5.x and earlier versions for Windows-based platforms, which can be exploited by a local attacker to run commands as ...
vBulletin Remote Command Execution Vulnerability (CNVD-2019-42750)
vBulletin is a PHP and MySQL-based open source web forum program from the US companies Internet Brands and vBulletin Solutions, Inc. A remote command execution vulnerability exists in vBulletin versions 5.x through 5.5.4, which can be exploited by an attacker to execute commands with the help of t...
Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability
Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from the US company Red Hat. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the...
CVE-2016-0806
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453...
UBUNTU-CVE-2016-0804
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary cod...
PT-2009-4527 · Drupal · Nodequeue
Name of the Vulnerable Software and Affected Versions: Nodequeue versions 5.x before 5.x-2.7; Nodequeue versions 6.x before 6.x-2.2. Description: A cross-site scripting (XSS) issue allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via...