CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

CVE-2025-60791

CVE-2025-60791 affects Easywork Enterprise 2.1.3.354. The vulnerability is Cleartext Storage of Sensitive Information in Memory, where device-bound license keys remain in process memory after a failed activation. An attacker with local access can attach a debugger or dump memory to retrieve keys ...

PYSEC-2024-49

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

PT-2024-22395 · Lektor · Lektor

Name of the Vulnerable Software and Affected Versions: Lektor versions prior to 3.3.11 Description: The issue concerns the lack of sanitization of database path traversal in Lektor. This allows shell commands to be executed via a file added to the templates directory under specific conditions. Th...

codeql action信息泄露漏洞

codeql action is a software application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on the repository's source code to find security vulnerabilities. codeql action has a security vulnerability that stems from an access token being visible to other processes on the...

CVE-2019-0786

An elevation of privilege vulnerability exists in the Microsoft Server Message Block SMB Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'...