13 matches found
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
PT-2026-22406
Name of the Vulnerable Software and Affected Versions: Statamic versions 6.0.0 through 6.3.9 Description: Statamic is a Laravel and Git powered content management system (CMS). Authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intende...
PT-2025-52983
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc3 Description: A use-after-free issue exists in the Linux kernel related to the handling of OPP Operational Power Policy tables after probe deferral. Specifically, when dev_pm_opp_of_find_icc_paths() in...
CVE-2025-55097 Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get()
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of a USB streaming device...
AXIS Camera Station Pro Security Vulnerability
AXIS Camera Station Pro is a powerful and flexible video management and access control from Axis Sweden. A security vulnerability exists in AXIS Camera Station Pro versions prior to 6.4, which originates from a non-administrative user being able to gain system privileges by redirecting file...
LogSign Unified SecOps Platform OS Command Injection Vulnerability
Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An operating system command injection vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.8...
PT-2024-35091 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...
Ivanti Avalanche security breach
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions prior to 6.4.x. The vulnerability stems from the...
PT-2024-6879 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5 Description: The issue is related to a path traversal vulnerability that allows a remote unauthenticated attacker to bypass authentication. This is due to incorrect restriction of the path name to a...
PT-2024-2929 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3 Description: A Heap Overflow vulnerability in the WLInfoRailService component allows a remote unauthenticated attacker to execute arbitrary commands. The vulnerability is related to a buffer overflow i...
CVE-2022-4474
The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
YetiForceCrm Cross-Site Scripting Vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in YetiForceCrm versions prior to 6.4.0, which stems from a lack of content validation and output encoding, and can be exploited by an attacker by uploading a carefully crafted...
LibreOffice Information Disclosure Vulnerability (CNVD-2020-35942)
LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets) and Impress (presentations). An information disclosure vulnerability exists in versions of LibreOffice prior to 6.4.4. The...