5 matches found
CVE-2026-33537
Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...
CVE-2025-23049
Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled...
Atlassian Confluence Server and Data Center Injection Vulnerabilities
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi.Atlassian Confluence Data Center is the data center version of Atlassian Confluence. Atlassian...
Command Injection Vulnerability in SANGFOR AF
SANGFOR AF is a next-generation application firewall designed with application security needs in mind. A command injection vulnerability exists in SANGFOR AF 7.5.1 and earlier versions, which can be exploited by attackers to execute arbitrary system commands and gain root privileges...
CVE-2016-2020
HPE Systems Insight Manager SIM before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030...