12 matches found
EUVD-2026-30481
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
CVE-2026-44212
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
GHSA-PR96-94W5-MX2H @fastify/static vulnerable to path traversal in directory listing
Impact @fastify/static v9.1.0 and earlier serves directory listings outside the configured static root when the list option is enabled. A request such as /public/../outside/ causes dirList.path to resolve a directory outside the root via path.join without a containment check. A remote...
PT-2026-33321
Name of the Vulnerable Software and Affected Versions @fastify/static versions 8.0.0 through 9.1.0 Description Path traversal occurs when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796 Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParse...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Adobe Substance 3D Painter 缓冲区错误漏洞
Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. A buffer error vulnerability exists in Adobe Substance 3D Painter 9.1.1 and prior versions, which stems from an out-of-bounds read while parsing a carefully crafted file, which could result in a read...
CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...
Brocade Fabric OS Code Issue Vulnerability
Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A code issue vulnerability exists in Brocade Fabric OS that stems from a security issue on the command line that allows a local user to dump files in the user's home directo...
CVE-2023-31425 - Privilege escalation via the fosexec command
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is...
PT-2021-24261 · Raw-Cpuid · Raw-Cpuid
Name of the Vulnerable Software and Affected Versions: raw-cpuid crate versions prior to 9.1.1 Description: The issue arises when the non-default serialize feature is activated, allowing most structs to implement serde::Deserialize without sufficient validation. This can lead to breaking invarian...
PT-2017-4164 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN aka DotNetNuke versions prior to 9.1.1 Description: The issue is related to insufficient protection of cookies, which can be exploited to gain unauthorized access to protected information and execute arbitrary code. This can be achieved...