50 matches found
EUVD-2026-28826
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
TP-Link Archer C7 安全漏洞
The TP-Link Archer C7 is a router produced by the TP-Link company. The TP-Link Archer C7 Build 20220715 and earlier versions have security vulnerabilities. These vulnerabilities stem from insufficient encryption strength, which may allow password recovery attacks to occur...
QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities stem from command injecti...
PT-2026-24459
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.10 Parse Server versions prior to 8.6.23 Description Parse Server’s rate limiting middleware, applied at the Express middleware layer, is bypassed when processing sub-requests internally through the...
CVE-2025-67781
DriveLock is affected across multiple tracks: versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5 on Windows suffer privilege escalation via local unprivileged users manipulating privileged processes. The root cause is not explicitly detailed in the provided documents beyond t...
CVE-2025-20379
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...
EUVD-2025-35702
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
EUVD-2025-26142
Malicious code in bioql PyPI...
Adobe Acrobat < 20.005.30793 / 24.001.30264 / 25.001.20693 Multiple Vulnerabilities (APSB25-85)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30793, 24.001.30264, or 25.001.20693. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After...
CVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
CVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
ALPINE-CVE-2025-46804
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
authentik 授权问题漏洞
authentik is an open source identity provisioning application from authentik open source. An authorization issue vulnerability exists in authentik versions prior to 2024.12.4 and 2025.2.3, which stems from a session deletion issue in the database session store that could cause a session to remain...
PT-2025-12354 · Luxion · Luxion Keyshot
Name of the Vulnerable Software and Affected Versions: Luxion KeyShot versions 2024 13.0.0 Build 92 and 4.10.171 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required, as the target must visit a...
AZL-58854 CVE-2025-0495 affecting package moby-buildx for versions less than 0.7.1-25
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Ivanti CVE-2025-0282 Checker
This script allows you to safely scan and test to see if you are vulnerable to CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a...
Acronis Cyber Protect 代码问题漏洞
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. Combining backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A code issue...
QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is a starter operating system.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP QTS prior to version 5.2.1.2930 build 20241025 and QuTS hero...
OESA-2024-1873 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An integer overflow...