
1179 matches found

CNNVD
added 2026/03/25 12:0 a.m., 2 views

N2W Security Vulnerability

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.3.2 and 4.4.1 contained security vulnerabilities. These vulnerabilities were caused by improper validation of API request parameters, which could lead to remote code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00321
Exploits 0, References 3

ATTACKERKB
added 2026/03/25 12:0 a.m., 2 views

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

AI score 6.1, EPSS 0.00321
Exploits 0, References 4

CNNVD
added 2026/03/25 12:0 a.m., 3 views

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a security vulnerability in Cisco IOS XE Software, which stems from insufficient validation of API endpoint parameters. This vulnerability could allow authenticated remote attackers to gain...

CVSS 5.4, AI score 7.5, EPSS 0.00041
Exploits 0, References 3

EUVD
added 2026/03/23 6:30 a.m., 5 views

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits 1, References 5

OSV
added 2026/03/23 6:30 a.m., 3 views

GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1, AI score 5.9, EPSS 0.0001
Exploits 1, References 6

CNNVD
added 2026/03/23 12:0 a.m., 3 views

Tiki Security Vulnerability

Tiki is a set of open-source content management and portal applications developed by the Tiki community. It can be used to create web applications, portals, intranets, extranets, etc. Versions of Tiki prior to 26.3 contained a security vulnerability, which was caused by insufficient parameter...

CVSS 5.4, AI score 5.6, EPSS 0.00039
Exploits 1, References 3

CNNVD
added 2026/03/23 12:0 a.m., 3 views

jsrsasign Security Vulnerability

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of DSA domain parameters in the src/dsa-2.0.js file, which could lead to the creation of forg...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits 1, References 5

CNNVD
added 2026/03/21 12:0 a.m., 2 views

WordPress plugin Keep Backup Daily Path Traversal Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 2.7, AI score 5.8, EPSS 0.0002
Exploits 0, References 5

Cvelist
added 2026/03/20 11:25 p.m., 24 views

CVE-2026-3339 Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter

The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the kbdopenuploaddir AJAX action. This is due to insufficient validation of the kbd_path parameter, which is only sanitized with sanitize_text_field - a function that do...

CVSS 2.7, EPSS 0.0002
Exploits 0, References 5

NVD
added 2026/03/20 5:16 a.m., 1 view

CVE-2026-32954

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVSS 7.5, EPSS 0.00049
Exploits 0, References 3

Vulnrichment
added 2026/03/20 4:30 a.m., 1 view

CVE-2026-32954 ERP has a possibility SQL Injection vulnerability due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVSS 7.1, AI score 5.8, EPSS 0.00049
Exploits 0, References 3

Cvelist
added 2026/03/20 4:30 a.m., 17 views

CVE-2026-32954 ERP has a possibility SQL Injection vulnerability due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVSS 7.1, EPSS 0.00049
Exploits 0, References 3

CNNVD
added 2026/03/20 12:0 a.m., 3 views

Frappe SQL Injection Vulnerability

Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 16.8.0 and 15.100.0 have a SQL injection vulnerability. This vulnerability stems from insufficient parameter validation, which ma...

CVSS 7.5, AI score 5.9, EPSS 0.00049
Exploits 0, References 3

CNNVD
added 2026/03/11 12:0 a.m., 2 views

Taskosaur Security Vulnerability

Taskosaur is an open-source project management platform that integrates conversational AI. Version 1.0.0 of Taskosaur contains a security vulnerability; this vulnerability arises from incorrect validation of role parameters during the user registration process, which may lead to unauthorized...

CVSS 9.8, AI score 5.8, EPSS 0.00244
Exploits 1, References 2

CNNVD
added 2026/03/05 12:0 a.m., 3 views

ZimaOS Security Vulnerability

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from insufficient validation of API path parameters. This...

CVSS 8.5, AI score 5.8, EPSS 0.00071
Exploits 1, References 1

NVD
added 2026/03/04 6:16 p.m., 3 views

CVE-2026-20102

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...

CVSS 6.1, EPSS 0.0001
Exploits 0, References 1

CNNVD
added 2026/03/04 12:0 a.m., 3 views

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Cross-Site Scripting Vulnerability

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

CVSS 6.1, AI score 5.7, EPSS 0.0001
Exploits 0, References 2

CNNVD
added 2026/03/04 12:0 a.m., 2 views

Cisco Secure Firewall Threat Defense Security Vulnerability

Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a security vulnerability present in Cisco Secure Firewall Threat Defense, which stems from insufficient validation of command parameters provided by users. This vulnerability...

CVSS 6, AI score 6.1, EPSS 0.00005
Exploits 0, References 2

CVE
added 2026/03/02 2:47 p.m., 4 views

CVE-2025-50188

CVE-2025-50188 affects Chamilo LMS prior to version 1.11.30. The vulnerability arises from insufficient validation of user-supplied data in GET parameters for the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, enabling an attacker to alter database query log...

CVSS 7.2, AI score 6, EPSS 0.00107
Exploits 1, References 3, Affected Software 1

CNNVD
added 2026/03/02 12:0 a.m., 1 view

Chamilo SQL Injection Vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of user data for the GET value parameters in the scripts /plugin/vchamilo/views/syncparams.php...

CVSS 7.2, AI score 5.9, EPSS 0.00107
Exploits 1, References 3