
19 matches found

CNNVD
added 2026/04/06 12:0 a.m. · 3 views

Dgraph Security Vulnerability

Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.1 contained a security vulnerability. This vulnerability stemmed from a flaw in the restoreTenant management mechanism, which lacked an authorization middleware...

CVSS 10 · AI score 7.4 · EPSS 0.00174
Exploits 1 · References 1
ATTACKERKB
added 2026/03/23 6:48 p.m. · 2 views

CVE-2026-33717

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

CVSS 8.8 · AI score 5.8 · EPSS 0.00067
Exploits 1 · References 3 · Affected Software 1
NVD
added 2026/03/20 4:16 p.m. · 1 views

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVSS 8.8 · EPSS 0.00058
Exploits 1 · References 2
Positive Technologies
added 2026/03/20 12:0 a.m. · 1 views

PT-2026-26628

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVSS 8.8 · AI score 6.3 · EPSS 0.00058
Exploits 1 · References 8
CNNVD
added 2026/03/05 12:0 a.m. · 2 views

WordPress plugin Meals & Wheels Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.1 · AI score 5.8 · EPSS 0.00172
Exploits 0 · References 1
RedhatCVE
added 2026/02/06 1:25 a.m. · 1 views

CVE-2026-25511

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...

CVSS 8.2 · AI score 5.4 · EPSS 0.00019
Exploits 1 · References 1
CNVD
added 2025/11/05 12:0 a.m. · 2 views

WordPress Masterstudy plugin file inclusion vulnerability

WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...

CVSS 7.5 · AI score 7 · EPSS 0.00123
Exploits 0 · References 1
CNNVD
added 2025/08/20 12:0 a.m. · 2 views

WordPress plugin SEOPress for MainWP Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.5 · AI score 6.7 · EPSS 0.00144
Exploits 0 · References 2
CNNVD
added 2025/04/04 12:0 a.m. · 5 views

WordPress plugin Just Post Preview Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 7.9 · EPSS 0.01855
Exploits 0 · References 1
CNNVD
added 2024/02/12 12:0 a.m. · 0 views

Gambio Code Issue Vulnerability

Gambio is an all-in-one e-commerce solution from Gambio, Inc. A code issue vulnerability exists in Gambio version 4.9.2.0 and prior versions that stems from allowing an attacker to execute arbitrary code by uploading a crafted PHP file...

CVSS 7.8 · AI score 7.6 · EPSS 0.00035
Exploits 1 · References 2
Positive Technologies
added 2023/12/28 12:0 a.m. · 2 views

PT-2023-32908 · Unknown · Gopeak Masterlab

Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical vulnerability was found in gopeak MasterLab. The issue affects the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to...

CVSS 9.8 · AI score 6.6 · EPSS 0.00165
Exploits 0 · References 8
Vulnrichment
added 2023/10/25 5:59 p.m. · 17 views

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

CVSS 9.9 · AI score 7.4 · EPSS 0.03734
Exploits 1 · References 3
Positive Technologies
added 2023/07/10 12:0 a.m. · 3 views

PT-2023-22960 · WordPress · Mstore Api

The MStore API WordPress plugin, specifically versions before 3.9.9, is affected by a security issue that allows visitors to create user accounts with a role of their choice via the wholesale REST API endpoint. This issue is only exploitable if the site owner has paid to access the plugin's pro...

CVSS 9.8 · AI score 9.6 · EPSS 0.30393
Exploits 2 · References 12
Cvelist
added 2023/03/13 12:0 a.m. · 9 views

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVSS 7.5 · AI score 7.5 · EPSS 0.01195
Exploits 1 · References 1
CNVD
added 2020/12/03 12:0 a.m. · 2 views

Arbitrary file deletion vulnerability in SKYUC in***.php file

SKYUC is a leading PHP video-on-demand system that the sky network has developed over the years as a movie program, with full support for a variety of P2P streaming software; it is suitable for general movie portal sites, Internet cafes, hotels, education and other industries. The SKYUC in.php file has an arbitrary...

AI score 7.1
Exploits 0
seebug.org
added 2013/01/10 12:0 a.m. · 33 views

Sybase Adaptive Server Enterprise (ASE) Multiple Security Vulnerabilities

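BUGTRAQ ID: 57206 Sybase Adaptive Server Enterprise is a relational database management system. Sybase Adaptive Server Enterprise (ASE) has multiple security vulnerabilities in its implementation. Local users can exploit these vulnerabilities to disclose sensitive information, escalate privileges, bypass security restrictions, take control of the affected system, perform SQL injection attacks, manipulate certain data, and cause a denial of service. 1. An error exists when creating proxy tables, which can be exploited to bypass certain security restrictions. 2. An error exists when creating tables through the ASE plug-in for Sybase Central, which can be exploited to bypass certain security restrictions. 3. Certain input is not properly filtered before being used in SQL queries; by injecting arbitrary SQL code, this can be exploited to manipulate SQL que...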

AI score 7
Exploits 0
myhack58
added 2007/05/17 12:0 a.m. · 12 views

Analysis upload vulnerability-vulnerability warning-the black bar safety net

This article sent to the hacker line of Defense of 2006.4 period, reproduced please indicate the Analysis upload vulnerability in the form English / the loneliness of the hedgehog In a brief introduction through the injection vulnerability check and fill, following the coupling re-introduce a...

AI score 7.1
Exploits 0
securityvulns
added 2006/02/09 12:0 a.m. · 34 views

[eVuln] PHP iCalendar File Inclusion Vulnerability

New eVuln Advisory: PHP iCalendar File Inclusion Vulnerability http://evuln.com/vulns/70/summary.html --------------------Summary---------------- eVuln ID: EV0070 Software: PHP iCalendar Software's Web Site: http://phpicalendar.net/ Versions: 2.0.1 2.1 2.2 Critical Level: Dangerous Type: File...

AI score 0.7
Exploits 0
Exploit DB
added 2000/03/31 12:0 a.m. · 39 views

Microsoft Index Server 2.0 - '%20' ASP Source Disclosure

source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the 'CiWebHitsFile' variable, and setting 'CiHiliteType' to 'Ful...

AI score 7.4
Exploits 0