CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...

CVE-2025-65032

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVE-2025-65033

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

EUVD-2025-198232

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

PT-2025-33391 · Posimyth · Nexter Blocks

Name of the Vulnerable Software and Affected Versions: Nexter Blocks versions through 4.5.4 Description: Missing authorization exists in POSIMYTH Nexter Blocks due to incorrectly configured access control security levels. Recommendations: At the moment, there is no information about a newer versi...

YesWiki 跨站脚本漏洞

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A cross-site scripting vulnerability exists in YesWiki versions prior to 4.5.4, which stems from a cross-site scripting attack on the /?BazaR endpoint an...

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...

IBOS 代码问题漏洞

IBOS is a collaborative office management system. A command injection vulnerability exists in ibos IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. An attacker can exploit this vulnerability to gain server control privileges...

TYPO3 Authorization Issue Vulnerability (CNVD-2019-41222)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. An attacker can exploit the vulnerability by sending a specially crafted...

CVE-2017-11272

Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability...

CVE-2017-3094

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution...

Adobe Digital Editions Memory Corruption Vulnerability

Adobe Digital Editions DE is a set of e-book reading and management software of the United States Ordoby Adobe. Through the software can open, read and manage PDF, XML, Flash files. A memory corruption vulnerability exists in Adobe DE 4.5.4 and earlier versions. A remote attacker can exploit this...