509 matches found
Sz-Admin 安全漏洞
Sz-Admin is a mid-tier management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter userId in files/api/admin/sys-user/reset/password/, which could...
CVE-2026-3049
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horillagenerics/globalsearch.py of the component Query Parameter Handler. The manipulation of the argument prevurl results in open redirect. The attack can be executed remotely...
Horilla 输入验证错误漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla 1.0.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter prevurl in the Query Parameter Handler...
PJSIP 安全漏洞
PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained security vulnerabilities, which stemmed from buffer overflows when...
Intel Optane PMem management software 代码问题漏洞
Intel Optane PMem management software is a persistent memory management software developed by Intel Corporation. Previous versions of Intel Optane PMem management software, such as CRMGMT02.00.00.4052 and CRMGMT03.00.00.0538, contained code vulnerabilities due to improper conditional checks, whic...
PT-2026-6200
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A broken access control issue allows authenticated students to add content to existing course units, despi...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38191)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38191 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in...
CVE-2025-11044 Vulnerability on Automation Runtime my cause DoS Conditions
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service...
.NET 9.0 Update - January 13, 2026
.NET 9.0 Update - January 13, 2026 .NET 9.0 has been refreshed with the latest update as of January 13, 2026. This update contains non-security fixes. See the release notes for details about updated packages..NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0 will remove...
CVE-2019-20842
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels...
Commvault CommandCenter < 11.36.60 Unauthorized API Access
Commvault CommandCenter versions prior to 11.36.60 contain a vulnerability in a known login mechanism that allows unauthenticated attackers to execute API calls without requiring user credentials. No source data...
PT-2026-25910
Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992439)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992439 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix overlap expiration walk The lazy gc on insert that should remove...
CVE-2025-67846
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...
PT-2025-52609
CVE-2025-67047 - Apache OpenSSH Remote Code Execution Vulnerability CVE ID : CVE-2025-67047 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67036. Reason: This record is a reservation duplicate of...
Improper Authentication
ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...
CVE-2025-64607 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Ibexa User Bundle is missing password change validation
Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...
Adobe ColdFusion 输入验证错误漏洞
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update
An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...