CVE-2026-7689
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...
CVE-2026-40915
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...
EUVD-2026-19001
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...
CVE-2026-3734
SourceCodester Client Database Management System 1.0 is affected in the Endpoint feature, specifically the /fetch_manager_details.php function. The vulnerability arises from manipulation of the argument manager_id, leading to improper authorization. This can be exploited remotely; exploit is publ...
CVE-2025-15197
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated...
CVE-2023-53773
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tvaction.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tvaction.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg...
HP Integrated Lights-Out Information Disclosure (CVE-2020-7202)
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. This plugin only works with Tenable.ot. Please visit...
CVE-2025-10374
A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack can be carried out remotely. The exploit has been released to the...
CVE-2025-10278 YunaiV ruoyi-vue-pro transfer improper authorization
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. Manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack can be carried out remotely. The exploit has been published and...
CVE-2025-9094
CVE-2025-9094 affects ThingsBoard 4.1 in the Add Gateway Handler component, where improper neutralization of special elements in a template engine enables remote exploitation. Publicly disclosed exploit; vendor notes a fix in upcoming release (v4.2) with maintenance/LTS updates starting from 4.0....
OESA-2025-1331 zvbi security update
The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...
PT-2025-6862 · Ywoa · Ywoa
Name of the Vulnerable Software and Affected Versions: ywoa versions up to 2024.07.03 Description: A critical issue has been identified, affecting unknown code in the /oa/setup/setup.jsp file. This leads to improper authorization and can be exploited remotely. The issue has been publicly disclose...
Django Security Vulnerability
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django-Unicorn versions prior to 0.61.0, which stems from...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. An unauthenticated remote malicious person could exploit them to bypass a security measure and execute arbitrary code with the permissions of the application that uses ColdFusion, and thus potentially gain access to sensitive data...
SUSE CVE-2014-6456
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
SUSE CVE-2014-6491
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500...
OhMiBod Remote app for Android and iOS User Impersonation Vulnerability
OhMiBod Remote app for Android and iOS is a wireless remote control app for Android and iOS based platforms. A security vulnerability exists in the OhMiBod Remote app for Android and iOS based platforms. A remote attacker can exploit the vulnerability by sniffing network traffic and editing the...
CVE-2017-3382
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded Components (CNVD-2016-09780)
Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications for desktops, servers, as well as embedded devices and real-time environments; Java SE Embedded is a Java platform for the developmen...
A vulnerability in the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the libcdaudio package up to version 0.99.12-r1 of the Gentoo Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...