
4467 matches found

RedhatCVE
added 2026/01/07 9:14 a.m., 5 views

CVE-2024-2731

Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users c...

CVSS 5.4, AI score 6.6, EPSS 0.00155
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:12 a.m., 4 views

CVE-2024-2730

Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available...

CVSS 5.3, AI score 7.1, EPSS 0.00316
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/07 12:00 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2025-13034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify...

CVSS 5.9, AI score 6.7, EPSS 0.00007
Exploits: 0, References: 3

Positive Technologies
added 2026/01/06 12:00 a.m., 4 views

PT-2026-1521

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-713RE version 1.02. Description: A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...

CVSS 10, AI score 9.6, EPSS 0.02124
Exploits: 1, References: 18

Tenable Nessus
added 2026/01/05 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr. When smb1 mount fails, KASAN detect slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1...

AI score 5.8, EPSS 0.00028
Exploits: 0, References: 2

RedhatCVE
added 2026/01/03 6:59 p.m., 3 views

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

CVSS 8.2, AI score 6.1, EPSS 0.00027
Exploits: 1, References: 1

NVD
added 2026/01/02 7:15 p.m., 2 views

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

CVSS 5.4, EPSS 0.00027
Exploits: 1, References: 1

OSV
added 2026/01/02 6:44 p.m., 3 views

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

CVSS 8.3, AI score 6.5, EPSS 0.00028
Exploits: 1, References: 3

NVD
added 2026/01/02 6:15 p.m., 3 views

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

CVSS 5.1, EPSS 0.00042
Exploits: 1, References: 1

Vulnrichment
added 2026/01/02 5:23 p.m., 4 views

CVE-2026-21429 Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

CVSS 5.1, AI score 6.4, EPSS 0.00042
Exploits: 1, References: 1

Positive Technologies
added 2026/01/02 12:00 a.m., 6 views

PT-2026-1055

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A flaw exists in Yonyou KSOA 9.0 that allows for remote code execution. The issue stems from a SQL injection point within an unknown function in the /kp/PrintZPYG.jsp file. Specifically, manipulating the...

CVSS 9.8, AI score 8.4, EPSS 0.00031
Exploits: 1, References: 10

Positive Technologies
added 2026/01/02 12:00 a.m., 4 views

PT-2026-1113

Name of the Vulnerable Software and Affected Versions: Emlog version 2.5.23. Description: Emlog is a website building system. In version 2.5.23, administrators can configure controls that prevent users from editing or deleting their articles after they are published. No patched versions are currentl...

CVSS 5.1, AI score 6.5, EPSS 0.00042
Exploits: 1, References: 4

Tenable Nessus
added 2025/12/31 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE(). BUG: KCSAN:...

AI score 6.1, EPSS 0.0004
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/31 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: stricter state check in mptcp_worker. As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected stat...

AI score 5.8, EPSS 0.00028
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/31 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx. For the reasons also described in commit b383e8abed41 wifi: ath9k: avoid uninit memory read in...

AI score 6.1, EPSS 0.00061
Exploits: 0, References: 3

RedhatCVE
added 2025/12/30 9:09 p.m., 7 views

CVE-2025-69205

Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can craft a special federation name and characters treated special by asterisk can be injected into the Dial...

CVSS 6.3, AI score 6.6, EPSS 0.00024
Exploits: 0, References: 1

Tenable Nessus
added 2025/12/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: TC, Fix using eswitch mapping in nic mode. Cited patch is using the eswitch object mapping pool while in nic mode where it isn't initialized. This...

AI score 8, EPSS 0.00026
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/30 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-54306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: tls: avoid hanging tasks on the tx_lock. syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we...

AI score 6.1, EPSS 0.0004
Exploits: 0, References: 3

NVD
added 2025/12/29 9:15 p.m., 2 views

CVE-2025-69205

Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can craft a special federation name and characters treated special by asterisk can be injected into the Dial...

CVSS 6.3, EPSS 0.00024
Exploits: 0, References: 2

CVE
added 2025/12/29 8:52 p.m., 12 views

CVE-2025-69205

The CVE-2025-69205 entry affects Micro Registration Utility (µURU), a telephony self-registration tool built on top of Asterisk. The vulnerability occurs in versions up to commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, where an attacker can craft a special federation name containing characters ...

CVSS 6.3, AI score 6.2, EPSS 0.00024
Exploits: 0, References: 2