
19 matches found

Positive Technologies
added 2026/05/27 12:0 a.m. | 5 views

PT-2026-43478

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3 CVSS | 5.7 AI score | 0.00064 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/05/05 10:22 p.m. | 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the ServerSecurityUser.getDatabaseUser and ArcadeDBServer.createDatabase processes. An attacker can gain unauthorized access to read, write, and modify schema and data across databases by exploiting improper...

9 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
CNVD
added 2025/07/17 12:0 a.m. | 2 views

Google Pixel Buffer Overflow Vulnerability (CNVD-2025-16956)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...

4.4 CVSS | 7.8 AI score | 0.00026 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:26 a.m. | 3 views

CVE-2023-27578

Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...

9.1 CVSS | 6.8 AI score | 0.0041 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/01/17 12:0 a.m. | 3 views

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...

4.4 CVSS | 7.7 AI score | 0.00026 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/10/21 12:0 a.m. | 2 views

OneDev Information Disclosure Vulnerability

OneDev is a Java-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. A security vulnerability exists in versions...

8.7 CVSS | 9.2 AI score | 0.88966 EPSS
Exploits: 1 | References: 3
Prion
added 2023/12/07 1:15 p.m. | 13 views

Open redirect

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is...

5 CVSS | 7.2 AI score | 0.00299 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/03/20 7:0 p.m. | 7 views

CVE-2023-27578 Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check

Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...

9.1 CVSS | 9.2 AI score | 0.0041 EPSS
Exploits: 0 | References: 4
Rockylinux
added 2022/05/10 8:3 a.m. | 32 views

postgresql:10 security update

An update is available for postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database management system DBM...

8.1 CVSS | 8.1 AI score | 0.00193 EPSS
Exploits: 0
Rockylinux
added 2021/12/21 9:10 a.m. | 35 views

postgresql:13 security update

An update is available for pgrepack, postgresql, pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced...

8.1 CVSS | 7.6 AI score | 0.00284 EPSS
Exploits: 0
Tenable Nessus
added 2021/12/16 12:0 a.m. | 30 views

RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:5197)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5197 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...

8.1 CVSS | 7.1 AI score | 0.00284 EPSS
Exploits: 0 | References: 9
Symantec
added 2019/09/24 12:0 a.m. | 322 views

Apple Safari APPLE-SA-2019-9-26-9 Multiple Security Vulnerabilities

Description: Apple Safari is prone to multiple security vulnerabilities. An attacker may exploit these issues to carry out phishing-style attacks or to obtain sensitive information that may aid in further attacks. Technologies Affected: Apple Safari 1.0.0 Apple Safari 1.0.0 Apple Safari...

0.1 AI score
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2018/05/14 2:29 p.m. | 0 views

CVE-2017-6021

In Schneider Electric ClearSCADA 2014 R1 build 75.5210 and prior, 2014 R1.1 build 75.5387 and prior, 2015 R1 build 76.5648 and prior, and 2015 R2 build 77.5882 and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2
Gentoo Linux
added 2015/02/15 12:0 a.m. | 42 views

libpng: User-assisted execution of arbitrary code

Background: libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. Description: Two vulnerabilities have been discovered in libpng: The png_user_version_check function contains an...

10 CVSS | 8.2 AI score | 0.03487 EPSS
Exploits: 0
Gentoo Linux
added 2012/06/22 12:0 a.m. | 64 views

libpng: Multiple vulnerabilities

Background: libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. Description: Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len” function in pngwutil...

8.8 CVSS | 9.6 AI score | 0.43757 EPSS
Exploits: 4
OSV
added 2010/10/04 12:0 a.m. | 17 views

DSA-2117-1 apr-util - denial of service

Bulletin has no description...

5 CVSS | 6.3 AI score | 0.28285 EPSS
Exploits: 0
NVD
added 2008/05/09 3:20 p.m. | 6 views

CVE-2008-2122

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...

7.5 CVSS | 7.3 AI score | 0.04726 EPSS
Exploits: 0 | References: 6
NVD
added 2007/08/28 1:17 a.m. | 14 views

CVE-2007-4563

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

4.4 CVSS | 6.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 5
Prion
added 2007/08/28 1:17 a.m. | 12 views

Code injection

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

4.4 CVSS | 7 AI score | 0.00058 EPSS
Exploits: 0 | References: 5 | Affected Software: 7