编号撤回

Sitecore Experience Platform XP and others are products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...

PT-2025-30884 · Sitecore · Sitecore Cms +1

Name of the Vulnerable Software and Affected Versions: Sitecore Experience Platform XP versions 7.5 through 10.2 Sitecore CMS versions 7.2 through 7.2 Update-6 Description: A cross-site scripting XSS issue exists that may allow authenticated Sitecore Shell users to execute custom JavaScript code...

PT-2025-30893

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM versions 9.2 Initial Release through 10.4 Initial Release Sitecore Experience Platform XP versions 9.2 Initial Release through 10.4 Initial Release Sitecore Experience Commerce XC versions 9.2 Initial Release...

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVE-2025-26850

The agent in Quest KACE Systems Management Appliance SMA before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...

CVE-2025-5966

CVE-2025-5966 affects Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and earlier. The vulnerability is a Stored XSS in the Attachments by filename keyword report, enabling script execution when a crafted filename is processed by the report feature. The issue is confirmed across multip...

SUSE CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of the register function in isl29028remove. To keep the release order as mirroring the ordering in probe, the driver should use non-manag...

CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of the register function in isl29028remove. To keep the release order as mirroring the ordering in probe, the driver should use non-manag...

DEBIAN-CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of the register function in isl29028remove. To keep the release order as mirroring the ordering in probe, the driver should use non-manag...

UBUNTU-CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of the register function in isl29028remove. To keep the release order as mirroring the ordering in probe, the driver should use non-manag...

UBUNTU-CVE-2025-38056

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix UAF when reloading module hdagenericmachineselect appends -idisp to the tplg filename by allocating a new string with devmkasprintf, then stores the string right back into the global variable...

PT-2025-25649 · Citrix · Netscaler Console +1

Name of the Vulnerable Software and Affected Versions: NetScaler Console and NetScaler SDX SVM affected versions not specified Description: A security issue has been identified, allowing for arbitrary file read. This affects customer-managed environments. Recommendations: At the moment, there is ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devmmutexinit for mutex initialization In this driver, LEDs are registered using devmledclassdevregister, so they are automatically unregistered after the module’s remove function is called. The...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: fbdev: hypervfb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hypervfb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the following WARN and henc...

CVE-2025-48953

Umbraco is an ASP.NET content management system CMS. Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's MSP SimpleHelp remote monitoring and management RMM tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a tri...

Planet FW-WGS-804HPT web_snmpv3_remote_engineId_add_post function buffer overflow vulnerability

Planet FW-WGS-804HPT is a wall mounted managed switch from Planet China. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the failure of the remoteip parameter in the websnmpv3remoteengineIdaddpost function to properly validate the length of the input dat...

Planet FW-WGS-804HPT web_snmp_notifyv3_add_post function buffer overflow vulnerability

Planet FW-WGS-804HPT is a wall mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the hostip parameter in the websnmpnotifyv3addpost function failing to correctly validate the length of the input data, which can be...

Planet FW-WGS-804HPT web_radiusSrv_post function buffer overflow vulnerability

Planet FW-WGS-804HPT is a wall mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the failure of the radIpkey parameter in the webradiusSrvpost function to correctly validate the length of the input data, which can ...