CLEANSTART-2026-TK12973 Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, ghsa-4vq8-7jfc-9cvp, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj applied in versions: 9.2.8-r0, 9.2.8-r1
Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2024-3181
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...
CVE-2024-2753
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings scre...
PT-2024-22823 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-9289; Synology Surveillance Station versions prior to 9.2.0-11289. Description: A missing authorization vulnerability in the GetStmUrlPath webapi component allows remote authenticated users ...
PT-2022-7267 · Atlassian · Bamboo Server +1
Name of the Vulnerable Software and Affected Versions: codeplex-codehaus, affected versions not specified; Bamboo Data Center and Server versions 9.2.1 through 9.2.7. Description: A flaw was found in codeplex-codehaus, allowing a directory traversal attack to access files and directories stored...
CVE-2022-0574
Improper Access Control in GitHub repository publify/publify prior to 9.2.8...
PT-2022-13270 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.8. Description: The issue concerns improper access control in the GitHub repository publify/publify. It allows anonymous users to leave comments on articles in draft mode, even though they cannot view thes...
UBUNTU-CVE-2018-19565
A buffer over-read in cropmaskedpixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information...