21 matches found
EUVD-2026-29003
A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2025-67683
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...
MiracleLinux 7 : tomcat-7.0.76-11.el7 (AXSA:2020-4508:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4508:01 advisory. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability CVE-2020-1938 Tenable has extracted the preceding description block directly from the MiracleLinu...
Desdev DedeCMS 跨站请求伪造漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Desdev Network Desdev. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
AZL-31941 CVE-2023-46728 affecting package squid 5.7-5
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggeri...
IBM InfoSphere Information Server 安全漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A CSV injection vulnerability exists in IBM InfoSphere Information Server version 11.7, which...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
SUSE CVE-2014-8150
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...
SUSE CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...
CVE-2022-27929
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP...
CVE-2021-36092
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG OTRS Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior version...
SQL Injection Vulnerability in Guojiz International Website Navigation System
Guojiz International Website Navigation System is developed by ThinkPHP5.0+PHP7.0+Mysql+Apache/Nginx/iis, which is suitable for small and medium-sized webmasters to build a CMS program. Guojiz International Website Navigation System has a SQL injection vulnerability, which can be exploited by...
Unspecified Vulnerability in SAP Commerce (CNVD-2020-65569)
SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. A security vulnerability exists in SAP Commerce versions 6.7, 1808, 1811, 1905, and 2005, which can be exploited b...
CVE-2019-3025
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the...
DEBIAN-CVE-2018-1318
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server ATS 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrad...
Google Chrome Omnibox Reference Policy Bypass Vulnerability
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 67.0.3396.62. A remote attacker can exploit the vulnerability with the help of a specially crafted website to bypass...
UBUNTU-CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...
Drupal Access Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A security vulnerability exists in ctools in Drupal in versions 6.x-1.x prior to 6.x-1.14 a...
IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2014-09196)
IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. An information disclosure vulnerability exists in IBM...