EUVD-2023-50669
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
Craft CMS Code Issue Vulnerability
Craft CMS is an open-source content management system (CMS) developed by Craft Studio. Craft CMS contains a code vulnerability that can be exploited through server-side request forgery (SSRF). The following versions are affected: from version 4.x to 4.17.8, and from versi...
CVE-2026-4292
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207
The CVE concerns TIBCO BPM Enterprise (4.x) JMX security: a configuration issue allows unauthorized access. Affected component is Java Management Extensions (JMX) handling in BPM Enterprise. The CVSS v4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N, CIA impacts: Confidentiality HIGH, Integrity HIGH, Availab...
JLSEC-2025-301 A flaw was found in tiffcrop, a program distributed by the libtiff package
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...
Adobe Photoshop Resource Management Error Vulnerability
Adobe Photoshop is a suite of image processing software from the American company Adobe. The software is primarily used for processing images. A resource management error vulnerability exists in Adobe Photoshop versions 24.x prior to 24.7.3, and 25.x prior to 25.9.1, which stems from bein...
Chef InSpec Code Injection Vulnerability
Chef InSpec is an open source automated testing and compliance checking framework from Chef Software, designed to help developers and operations teams write, run, and maintain automated test scripts that validate the compliance and security of applications and infrastructure. A securit...
DEBIAN-CVE-2023-1916
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...
SUSE CVE-2023-1916
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...
SUSE CVE-2012-0768
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service memory...
PT-2023-10331 · Salesforce · Salesforcemobilesdk-Windows
Name of the Vulnerable Software and Affected Versions: SalesforceMobileSDK-Windows versions up to 4.x Description: A critical issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs, leading to SQL injection. This issue only affects products that are no...
PT-2021-7842 · Rockwell Automation · Isagraf Runtime
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue is related to errors in handling relative paths to directories with limited access in the eXchange Layer IXL component of the Rockwell Automation ISaGRAF...
Espressif ESP-IDF Buffer Error Vulnerability
Espressif ESP-IDF is an IoT development framework from the Chinese company Espressif (Lexin Information Technology). A buffer error vulnerability exists in Espressif ESP-IDF, which can be exploited by attackers to crash an application. The following products and versions are affected: Espressif ESP-IDF 2.x,...
CVE-2018-16417
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows command injection...
You can change the Elastic Layer repository in the registry without reimaging (4.x)
...
Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries
Overview AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...
Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability
Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from the US company Red Hat. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the...
DBD::mysql content misreference vulnerability
DBD::mysql is a Perl5 Database Interface (DBI) driver for MySQL. A content misreference vulnerability exists in DBD::mysql version 3.x and version 4.x prior to 4.041. An attacker can exploit this vulnerability to execute arbitrary code...