35 matches found
EUVD-2022-55999
backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...
Multiple Apple Products Security Vulnerability
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
EUVD-2026-28431
Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...
GitLab Enterprise Edition (EE) Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system provided by the American company GitLab. Versions of GitLab EE prior to 18.8.7, 18.9.3, and 18.10.1 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow authenticated users with...
Rails Security Vulnerability
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Support before 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from digital helper functions...
CVE-2026-29101
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
ImageMagick Resource Management Error Vulnerability
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-16 and 6.9.13-41 contained a resource management vulnerability. This vulnerability stemmed from the...
PT-2026-21635
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-15; ImageMagick versions prior to 6.9.13-40. Description: ImageMagick is software used for editing and manipulating digital images. A heap buffer overflow write issue exists in the ReadYUVImage function...
Acronis Cyber Protect Access Control Error Vulnerability
Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management (including vulnerability assessment, URL filtering, patch management, etc.). Versions prio...
HubSpot Jinjava Security Vulnerability
HubSpot Jinjava is an application developed by a personal developer at HubSpot in the United States. It provides a Java-based template engine and Django template syntax, suitable for rendering Jinja templates. There were security vulnerabilities in versions of HubSpot Jinjava prior to 2.7.6 and...
Wikimedia CheckUser Security Vulnerability
Wikimedia CheckUser is an advanced investigation tool of the Wikimedia Foundation designed to combat disruptive behavior. Versions of Wikimedia CheckUser prior to 1.39.14, 1.43.4, and 1.44.1 contained security vulnerabilities, which were caused by a flaw in the includes/Mail/UserMailer.Php file...
CVE-2025-61641 API list=allpages with maxsize is making really slow queries
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
PT-2025-49684
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.32 and 2.11.31 through 3.6.2. Description: Traefik is an HTTP reverse proxy and load balancer. Requests using PathPrefix, Path, or PathRegex matchers can bypass path normalization. When Traefik uses path-based...
Logrus Security Vulnerability
Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...
CVE-2025-26516
CVE-2025-26516 affects StorageGRID (formerly StorageGRID Webscale); versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service on the Admin node when exploited by an unauthenticated attacker. The available documents do not specify the exact root cause or exploitation details....
PT-2025-38596
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951; Vasion Print Application versions prior to 20.0.2368. Description: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain an...
PT-2025-38608
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843; Vasion Print Application versions prior to 20.0.1923. Description: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain an arbitrar...
Linux Distros Unpatched Vulnerability : CVE-2019-2552
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and...
CVE-2025-8714 PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected...
CVE-2025-55163
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...