
3715 matches found

EUVD
added 2026/04/18 1:7 a.m., 2 views

EUVD-2026-23500

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields...

CVSS 6.9 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/16 12:8 a.m., 1 view

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1 | AI score 5.9 | EPSS 0.00015
Exploits: 1 | References: 4

CNNVD
added 2026/03/27 12:0 a.m., 4 views

OpenText Identity Manager security vulnerability

OpenText Identity Manager is an identity governance platform provided by OpenText Corporation in Canada, which offers capabilities for managing the identity lifecycle and access control. Version 25.2 of OpenText Identity Manager contains a security vulnerability. This vulnerability stems from...

CVSS 8.4 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 2

NVD
added 2026/03/12 7:16 p.m., 0 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

CVSS 6.5 | EPSS 0.00061
Exploits: 0 | References: 3

EUVD
added 2026/03/03 12:0 a.m., 0 views

EUVD-2023-35381

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVSS 2 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 2

OSV
added 2026/02/11 1:15 p.m., 1 view

CVE-2025-54148

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

CVSS 6.5 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:51 a.m., 5 views

CVE-2009-4514

Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.6 | EPSS 0.00207
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:36 a.m., 3 views

CVE-2021-41324

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...

CVSS 6.5 | AI score 6.7 | EPSS 0.00374
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:27 a.m., 4 views

CVE-2008-7283

Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...

CVSS 6 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:26 a.m., 2 views

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 | AI score 5.1 | EPSS 0.00172
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:49 a.m., 4 views

CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00333
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/07 9:42 a.m., 4 views

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

CVSS 10 | AI score 7.2 | EPSS 0.04288
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:41 a.m., 1 view

CVE-1999-0597

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...

CVSS 10 | AI score 7.1 | EPSS 0.01271
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:39 a.m., 6 views

CVE-1999-0086

AIX routed allows remote users to modify sensitive files...

CVSS 5 | AI score 6.9 | EPSS 0.00479
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:31 a.m., 3 views

CVE-2019-16653

An application plugin in Genius Bytes Genius Server Genius CDDS 3.2.2 allows remote authenticated users to gain admin privileges...

CVSS 8.8 | AI score 6.9 | EPSS 0.00817
Exploits: 0 | References: 1

CVE
added 2026/01/02 2:53 p.m., 3 views

CVE-2025-52863

CVE-2025-52863 is a buffer overflow vulnerability reported to affect multiple QNAP OS versions. When a remote attacker obtains a user account, they can potentially modify memory or crash processes. Affected products and fixed versions are: QTS 5.2.7.3256 build 20250913 and later; QuTS hero h5.2.7...

CVSS 8.1 | AI score 7 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/02 2:52 p.m., 18 views

CVE-2025-47208 QTS, QuTS hero

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...

CVSS 7.1 | EPSS 0.00139
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49989

Name of the Vulnerable Software and Affected Versions: adata Software GmbH Mitarbeiterportal version 2.15.2.0. Description: The software contains multiple incorrect access control issues. A remote, authenticated user with low privileges can perform administrative functions and modify data belonging ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00056
Exploits: 1 | References: 5

OSV
added 2025/12/08 9:30 p.m., 3 views

GHSA-MPMC-QCHH-R9Q8 Altcha Proof-of-Work obfuscation mode cryptanalytic break

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction...

CVSS 6.9 | AI score 6.9 | EPSS 0.00021
Exploits: 0 | References: 5

EUVD
added 2025/11/25 6:32 p.m., 2 views

EUVD-2025-199600

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

CVSS 4.8 | AI score 5.2 | EPSS 0.00038
Exploits: 2 | References: 4