ROS-20260114-7322

A vulnerability in the pfifotailenqueue function net/sched/schfifo.c of the Linux operating system kernel is associated with a functionality mismatch according to the specification. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...

CVE-2026-0506

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVE-2026-0506

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

Microsoft Excel 访问控制错误漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain features...

CVE-2025-67913

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through 3.0.3...

CVE-2023-40158

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...

CVE-2025-14598 CVE-2025-14598

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database...

CVE-2021-31987

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients...

CVE-2021-31988

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed CRLF control characters and include arbitrary SMTP headers in the generated test email...

CVE-2022-35500

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting XSS via leave comment functionality...

CVE-2019-18205

Multiple Reflected Cross-site Scripting XSS vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...

CVE-2020-10098

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVE-2006-1047

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

CVE-2024-39817

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App...

CVE-2023-25785

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5...

CVE-2023-45009

Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3...

CVE-2023-40673

: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02...

CVE-2025-14275

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

CVE-2024-39625

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...