
54730 matches found

CNNVD
added 2026/02/06 12:0 a.m., 8 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS camera module, which stems from a lack of proper validation of user-supplied data by the...

CVSS 8.4, AI score 5.8, EPSS 0.00105
Exploits: 0, References: 2
Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6704

Name of the Vulnerable Software and Affected Versions: versions prior to 2026 (affected versions not specified). Description: A use-after-free (UAF) concurrency vulnerability exists within the graphics module. Successful exploitation of this issue may impact system availability. Recommendations: At the...

CVSS 8.4, AI score 5.4, EPSS 0.00066
Exploits: 0, References: 6
CNNVD
added 2026/02/06 12:0 a.m., 4 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A type confusion vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to cause usability to be compromised...

CVSS 5.5, AI score 6.6, EPSS 0.00115
Exploits: 0, References: 3
Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6849

Summary: Critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error messages by injecting...

CVSS 8.7, AI score 6.3
Exploits: 0, References: 3
Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6701

Name of the Vulnerable Software and Affected Versions: versions prior to 2026 (affected versions not specified). Description: A heap-based buffer overflow vulnerability exists in the image module. Successful exploitation of this issue may affect availability. Recommendations: At the moment, there is no...

CVSS 7.3, AI score 5.8, EPSS 0.0008
Exploits: 0, References: 6
Tenable Nessus
added 2026/02/06 12:0 a.m., 6 views

Atlassian Confluence 7.7.x < 8.5.31 / 8.6.x < 9.2.13 / 9.3.1 < 10.2.2 (CONFSERVER-101878)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101878 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry o...

CVSS 9.8, AI score 5.6, EPSS 0.02962
Exploits: 4, References: 2
Tenable Nessus
added 2026/02/06 12:0 a.m., 9 views

Atlassian Confluence 7.19 < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101872)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101872 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...

CVSS 9.8, AI score 7.8, EPSS 0.79807
Exploits: 5, References: 2
Positive Technologies
added 2026/02/06 12:0 a.m., 10 views

PT-2026-6712

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An issue exists in the print module related to improper permission control. Successful exploitation could compromise service confidentiality. Recommendations: At the moment, there is no information...

CVSS 6.1, AI score 5.4, EPSS 0.00108
Exploits: 0, References: 5
CNNVD
added 2026/02/06 12:0 a.m., 7 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There are security vulnerabilities in Huawei HarmonyOS, which stem from improper standard security checks in the card module. These...

CVSS 5.9, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 2
Positive Technologies
added 2026/02/06 12:0 a.m., 9 views

PT-2026-6698

Name of the Vulnerable Software and Affected Versions: HDC module (affected versions not specified). Description: An address read issue exists in the HDC module. Successful exploitation could impact system availability and confidentiality. Recommendations: At the moment, there is no information about a...

CVSS 4.8, AI score 5.4, EPSS 0.00079
Exploits: 0, References: 6
RedhatCVE
added 2026/02/05 7:23 p.m., 3 views

CVE-2025-69215

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

CVSS 8.8, AI score 5.7, EPSS 0.00374
Exploits: 3, References: 1
Cvelist
added 2026/02/05 6:11 p.m., 32 views

CVE-2025-15343 Tanium addressed an incorrect default permissions vulnerability in Enforce.

Tanium addressed an incorrect default permissions vulnerability in Enforce...

CVSS 6.5, EPSS 0.00306
Exploits: 0, References: 1
Snyk
added 2026/02/05 5:49 p.m., 1 views

Infinite loop

Overview: @enclave-vm/core is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...

CVSS 9.4, AI score 6.1, EPSS 0.0023
Exploits: 1, References: 2
Snyk
added 2026/02/05 5:49 p.m., 3 views

Infinite loop

Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that exploit hos...

CVSS 9.4, AI score 6.1, EPSS 0.0023
Exploits: 1, References: 2
OSV
added 2026/02/05 5:49 p.m., 4 views

GHSA-X39W-8VM5-5M3P Sandbox escape via infinite recursion and error objects

Note: The npm package has moved to @enclave-vm/core (formerly enclave-vm). All fixed versions and guidance refer to @enclave-vm/core. Summary: The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...

CVSS 6.4, AI score 6.2, EPSS 0.0023
Exploits: 1, References: 5
Github Security Blog
added 2026/02/05 5:49 p.m., 8 views

Sandbox escape via infinite recursion and error objects

Note: The npm package has moved to @enclave-vm/core (formerly enclave-vm). All fixed versions and guidance refer to @enclave-vm/core. Summary: The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...

CVSS 8.8, AI score 5.8, EPSS 0.0023
Exploits: 1, References: 5, Affected Software: 2
NVD
added 2026/02/05 5:16 p.m., 7 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 7, EPSS 0.00115
Exploits: 0, References: 1
OSV
added 2026/02/05 5:16 p.m., 4 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 6.8, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 1
Vulnrichment
added 2026/02/05 4:58 p.m., 5 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 7, AI score 5.3, EPSS 0.00115
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/05 4:58 p.m., 7 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 7, AI score 5.3, EPSS 0.00222
Exploits: 0, References: 2, Affected Software: 1