16 matches found

EUVD
added 2026/04/22 6:30 a.m. | 2 views

EUVD-2026-24612

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from...

CVSS 7.5 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/26 4:15 a.m. | 4 views

CVE-2025-67491

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVSS 8.5 | AI score 5.2 | EPSS 0.00038
Exploits: 1 | References: 1

Cvelist
added 2026/02/25 1:13 a.m. | 19 views

CVE-2025-68277 OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0...

CVSS 7.2 | EPSS 0.00004
Exploits: 1 | References: 2

OSV
added 2026/02/25 1:9 a.m. | 4 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

CVSS 8.1 | AI score 5.6 | EPSS 0.00009
Exploits: 1 | References: 4

Debian CVE
added 2025/12/24 10:55 a.m. | 6 views

CVE-2022-50704

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch. In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a low probability fault...

AI score 5.1 | EPSS 0.00027
Exploits: 0

CNNVD
added 2025/11/06 12:0 a.m. | 2 views

Advantech iView security vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass in the getInventoryReportData parameter of the...

CVSS 9.3 | AI score 8.8 | EPSS 0.00374
Exploits: 0 | References: 3

CNNVD
added 2025/11/06 12:0 a.m. | 3 views

Advantech iView security vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...

CVSS 8.8 | AI score 8 | EPSS 0.00132
Exploits: 0 | References: 3

OSV
added 2025/01/14 2:15 p.m. | 2 views

CVE-2024-46664

A relative path traversal in Fortinet FortiRecorder CWE-23 version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests...

CVSS 4.9 | AI score 5.8 | EPSS 0.00526
Exploits: 0 | References: 1

OSV
added 2024/04/09 3:15 p.m. | 2 views

CVE-2023-45590

An improper control of generation of code 'code injection' in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2023/05/23 12:0 a.m. | 1 views

Dell VxRail operating system command injection vulnerability

Dell VxRail is Dell's single HCI platform for every VMware workload and use case, including VDI, compute-intensive applications, and for hosting legacy and modern applications on a true hybrid cloud infrastructure. An operating system command injection vulnerability exists in Dell VxRail versions...

CVSS 8.2 | AI score 8.3 | EPSS 0.00341
Exploits: 0 | References: 2

OSV
added 2022/09/23 4:15 a.m. | 1 views

ALPINE-CVE-2022-35951

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...

CVSS 9.8 | AI score 8.2 | EPSS 0.18646
Exploits: 0 | References: 1

Positive Technologies
added 2022/07/18 12:0 a.m. | 3 views

PT-2022-3806

Name of the Vulnerable Software and Affected Versions: Redis versions 7.0.0 through 7.0.3 Description: The issue is related to a heap overflow that can potentially lead to remote code execution. This occurs when a specially crafted XAUTOCLAIM command is executed on a stream key in a specific stat...

CVSS 9.8 | AI score 8.4 | EPSS 0.88997
Exploits: 10 | References: 79

ATTACKERKB
added 2022/06/14 5:15 p.m. | 3 views

CVE-2022-32561

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...

CVSS 9 | AI score 6.6 | EPSS 0.03738
Exploits: 3 | References: 4

ATTACKERKB
added 2022/06/14 5:15 p.m. | 0 views

CVE-2022-32559

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics...

CVSS 9.1 | AI score 7.4 | EPSS 0.00892
Exploits: 0 | References: 4

CNNVD
added 2022/06/14 12:0 a.m. | 3 views

Couchbase Server security vulnerability

Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 7.0.4. No information about this vulnerability is...

CVSS 4.9 | AI score 6.5 | EPSS 0.00301
Exploits: 2 | References: 4

CNNVD
added 2022/06/13 12:0 a.m. | 0 views

Couchbase Server security vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in versions of Couchbase Server prior to 7.0.4, which stems from the fact that...

CVSS 8.8 | AI score 7.9 | EPSS 0.00573
Exploits: 0 | References: 4