21 matches found
CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002
CVE-2026-26002 affects the Open OnDemand Files application. Versions prior to 4.0.9 and 4.1.3 are susceptible to malicious input when navigating to a directory. This issue has been patched in 4.0.9 and 4.1.3; versions below these remain vulnerable. Remediation: upgrade to 4.0.9 or 4.1.3 or later ...
CVE-2022-40970
creationtimestamp | type | source
---|---|---
2025-05-28 20:19:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqazn5vm7w2w...
CVE-2022-4095
creationtimestamp | type | source
---|---|---
2025-02-26 16:24:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5525...
WordPress plugin Booknetic Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
7-Zip Mark-of-the-Web Bypass
Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...
OESA-2024-1051 netdata security update
netdata is the fastest way to visualize metrics. It is a resource efficient, highly optimized system for collecting and visualizing any type of realtime time-series data, from CPU usage, disk activity, SQL queries, API calls, web site visitors, etc. netdata tries to visualize the truth of now, in...
CVE-2023-49409
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...
PT-2023-5377 · D Link · D-Link Di-7200Gv2
Name of the Vulnerable Software and Affected Versions: D-Link DI-7200G V2 version 21.04.09E1
Description: The issue is related to a buffer overflow in the arp sys.asp component of the D-Link DI-7200G V2 router's firmware when processing the zn jb parameter. This can allow a remote attacker to...
CVE-2022-4099
creationtimestamp | type | source
---|---|---
2023-01-03 00:17:01+00:00 | seen | https://t.me/cibsecurity/55762
2025-04-10 18:49:25+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11308...
PT-2022-25394 · WordPress · The Return Refund/Exchange For Woocommerce
Name of the Vulnerable Software and Affected Versions: Return Refund and Exchange For WooCommerce WordPress plugin versions prior to 4.0.9
Description: The issue concerns the lack of validation for attachment files uploaded via an AJAX action. This action is accessible to unauthenticated users,...
Schneider Electric GP-Pro EX Code Issue Vulnerability
Schneider Electric GP-Pro EX is a suite of HMI interface editing and logic programming software from Schneider Electric France. A code issue vulnerability exists in Schneider Electric GP-Pro EX, which arises from the product's failure to properly filter special elements in the search path. The...
ZTE ZXIPTV Cross-Site Scripting Vulnerability
ZTE ZXIPTV is a set-top box from ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...
UBUNTU-CVE-2021-31864
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler...
PT-2021-4569 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions:
Redmine versions prior to 4.0.9
Redmine versions 4.1.x prior to 4.1.3
Redmine versions 4.2.x prior to 4.2.1
Description: The issue allows attackers to bypass the add issue notes permission requirement by leveraging the incoming mail handler...
UBUNTU-CVE-2019-10203
PowerDNS Authoritative daemon, pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS...
AZL-45291 CVE-2018-16335 affecting package openjpeg2 2.3.1-12
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a...
PHP Scripts Mall advanced-real-estate-script Cross-Site Request Forgery Vulnerability
PHP Scripts Mall advanced-real-estate-script is a PHP and MySQL based real estate website system script by PHP Scripts Mall India. A cross-site request forgery vulnerability exists in PHP Scripts Mall advanced-real-estate-script version 4.0.9. A remote attacker can exploit this vulnerability to...
EMC RSA BSAFE Micro Edition Suite TLS Man-in-the-Middle Attack Vulnerability
EMC RSA BSAFE Micro Edition Suite (MES) is an encryption toolkit from EMC Corporation. The toolkit helps developers achieve stable and secure application design. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communicating...