VulnCheck KEV: CVE-2025-1448

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...

CVE-2025-43937

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...

CVE-2025-43935

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service...

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Versions of Dell PowerScale OneFS prior to 9.12.0.0 contained security vulnerabilities, which were due to improper...

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...

EUVD-2026-9399

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

PT-2026-23079

Name of the Vulnerable Software and Affected Versions NetApp ONTAP versions 9.12.1 and higher Description An information disclosure issue exists in NetApp ONTAP S3 NAS buckets. A successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which th...

CVE-2026-28136

CVE-2026-28136 concerns the WordPress WP SMS plugin up to version 6.9.12, with an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. The issue affects WP SMS versions through 6.9.12 and can enable manipulation of database queries due to the vulnerab...

CVE-2026-22353

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through = 9.0.12...

CVE-2022-25369

An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003060 advisory. The doshmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local use...

Atlassian Jira 9.12.x < 9.12.28 Path Traversal

According to its self-reported version number, the Atlassian Jira application running on the remote host is 9.12.x prior to 9.12.28, 10.3.x prior to 10.3.12 or 11.x prior to 11.1.0. It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues...

Atlassian Jira 10.3.x < 10.3.12 Path Traversal

According to its self-reported version number, the Atlassian Jira application running on the remote host is 9.12.x prior to 9.12.28, 10.3.x prior to 10.3.12 or 11.x prior to 11.1.0. It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues...

CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...

PT-2025-41270

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions prior to 9.12.0.0 Description The software contains an authorization bypass through a user-controlled key issue. A high privileged attacker with local access could potentially exploit this to gain unauthorized...

Path Traversal (Arbitrary Write) in Jira Software Data Center and Server

This High severity Path Traversal Arbitrary Write vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal Arbitrary Write vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem...

CVE-2025-57956

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpcraft WooMS wooms allows Stored XSS.This issue affects WooMS: from n/a through = 9.12...

WordPress WooMS Plugin <= 9.12 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin WooMS versions = 9.12...

CVE-2025-57956 WordPress WooMS Plugin <= 9.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12...