
7490 matches found

CNNVD
added 2026/02/13 12:0 a.m., 4 views

TON Security Vulnerability

TON is an open-source blockchain software project. Versions of TON prior to v2024.09 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of external parameters, which could allow attackers to exploit the system through specially crafted Continuation...

7.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits 0, References 3

NVD
added 2026/02/11 2:16 p.m., 4 views

CVE-2026-0910

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8 CVSS, 0.00104 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/02/11 7:30 a.m., 3 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/11 7:30 a.m., 4 views

CVE-2026-0490

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

7.5 CVSS, 5.5 AI score, 0.0012 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/11 12:0 a.m., 1 views

PT-2026-7579

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions prior to 2.4.14 Description The wpForo Forum plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the wpforo display array data function. This...

8.8 CVSS, 5.9 AI score, 0.00104 EPSS
Exploits 0, References 9

Packet Storm
added 2026/02/11 12:0 a.m., 128 views

📄 glibc 2.38 Buffer Overflow

This is a local privilege escalation exploit for CVE-2023-4911, also known as "Looney Tunables", caused by a buffer overflow in the glibc dynamic loader's environment variable parsing logic. The vulnerability is triggered by crafting a maliciously long GLIBC_TUNABLES string which corrupts internal...

9.8 CVSS, 6.5 AI score, 0.6505 EPSS
Exploits 26

Exploit DB
added 2026/02/11 12:0 a.m., 134 views

glibc 2.38 - Buffer Overflow

Exploit Title: glibc 2.38 - Buffer Overflow Google Dork: N/A Date: 2025-10-08 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.gnu.org/software/libc/ Software Link: https://ftp.gnu.org/gnu/libc/glibc-2.35.tar.gz Version: glibc 2.35 specifically 2.35-0ubuntu3.3 on Ubuntu 22.04.3...

7.8 CVSS, 5.4 AI score, 0.6505 EPSS
Exploits 25

NVD
added 2026/02/10 7:16 a.m., 3 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 0.00008 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/02/10 5:52 a.m., 2 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/02/10 5:52 a.m., 5 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/02/10 5:52 a.m., 23 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 0.00008 EPSS
Exploits 0, References 1

NVD
added 2026/02/10 4:16 a.m., 7 views

CVE-2026-0508

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert a malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled...

8.1 CVSS, 0.00013 EPSS
Exploits 0, References 2

CVE
added 2026/02/10 3:4 a.m., 6 views

CVE-2026-24325

SAP BusinessObjects Enterprise contains a Stored XSS flaw due to insufficient encoding of user-controlled inputs. An admin user could inject JavaScript that executes when visiting the affected page. The issue has a CVSS v3.1 base score of 4.8 (Medium) with Network access, Low confidentiality and ...

4.8 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/02/10 3:4 a.m., 28 views

CVE-2026-24324 Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the...

6.5 CVSS, 0.00021 EPSS
Exploits 0, References 2

Cvelist
added 2026/02/10 3:0 a.m., 26 views

CVE-2026-0485 Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, renderin...

7.5 CVSS, 0.00063 EPSS
Exploits 0, References 2

CVE
added 2026/02/10 3:0 a.m., 14 views

CVE-2026-0485

The CVE-2026-0485 entry relates to SAP BusinessObjects BI Platform where an unauthenticated attacker can send specially crafted requests that cause the Content Management Server (CMS) to crash and restart, leading to persistent unavailability. The impact is strictly on availability with confident...

7.5 CVSS, 5.5 AI score, 0.00063 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/02/10 12:0 a.m., 3 views

Axis Camera Station Pro Security Vulnerability

Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which stems from insecure direct object references. This vulnerability may allow non-administrator users to modify or delete certain data...

5.7 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits 0, References 2

CNNVD
added 2026/02/10 12:0 a.m., 3 views

SAP BusinessObjects Business Intelligence Platform Input Validation Error Vulnerability

The SAP BusinessObjects Business Intelligence Platform is a comprehensive business analytics platform developed by the German company SAP. This platform integrates market-leading SAP data integration products, data management products, and business intelligence (BI) solutions. It eliminates...

8.1 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/10 12:0 a.m., 2 views

MongoDB Ruby Driver Security Vulnerability

The MongoDB Ruby Driver is an open-source Ruby library developed by MongoDB. There is a security vulnerability in the MongoDB Ruby Driver, which may allow arbitrary Ruby code to be executed when processing specially crafted Hash r types...

6.9 CVSS, 6 AI score, 0.00043 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/02/10 12:0 a.m., 4 views

PT-2026-7233

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7 CVSS, 5.5 AI score, 0.00008 EPSS
Exploits 0, References 2