CVE-2023-49198

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true=true=/=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue...

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

CVE-2021-22409

There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal...

CVE-2022-0969

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...

CVE-2020-7224

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...

CVE-2020-7486

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this...

CVE-2020-24637

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000...

CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

CVE-2023-45656

Cross-Site Request Forgery CSRF vulnerability in Kevin Weber Lazy Load for Videos plugin = 2.18.2 versions...

CVE-2021-33636

When the isula load command is used to load malicious images, attackers can execute arbitrary code...

CVE-2025-23942

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through = 2.1.6...

(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadtoolmodulebyid function. The issue results from the lack of proper validation of a...

PT-2026-1996

Name of the Vulnerable Software and Affected Versions Open WebUI affected versions not specified Description A flaw exists in the load tool module by id function of Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from...

aws-sg-cleanup (>=0.1.0 <=0.1.3), ec2-search (>=0.14.0 <=0.14.1) potentially affected by unknown CVE via aws-sdk-elasticloadbalancingv2 (>=0.15.0 <=0.9.0)

aws-sdk-elasticloadbalancingv2 CARGO version =0.15.0, =0.1.0, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

CVE-2025-69258

Trend Micro Apex Central is affected by CVE-2025-69258 (LoadLibraryEX). The vulnerability allows an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to code execution under the SYSTEM context on affected installations. Current public details indica...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

NREL BEopt 代码问题漏洞

NREL BEopt is a residential building energy efficiency program calculator from the NREL organization in the United States. A code issue vulnerability exists in NREL BEopt version 2.8.0.0, which stems from an insecure library load that could lead to a DLL hijacking attack...

OpenLDAP <= 2.6.10 Heap Buffer Underflow Vulnerability

OpenLDAP is prone to a heap buffer underflow vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openldap:openldap";...

CVE-2026-22185 OpenLDAP LMDB mdb_load Heap Buffer Underflow in readline()

OpenLDAP Lightning Memory-Mapped Database LMDB versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause...

GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...