CVE-2025-69720 affecting package ncurses for versions less than 6.4-3

CVE-2025-69720 affecting package ncurses for versions less than 6.4-3. A patched version of the package is available...

WordPress plugin ShortPixel Image Optimizer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-55099 Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...

Linux Distros Unpatched Vulnerability : CVE-2024-31210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an...

WordPress Advanced Custom Fields Plugin < 6.4.3 HTML Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; if description...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.3, which stems from an integer overflow and could result in a denial of service...

WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Fancy Product Designer versions = 6.4.3...

QNAP Systems Photo Station 跨站脚本漏洞

QNAP Systems Photo Station is an online photo album from QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A cross-site scripting vulnerability exists in QNAP Systems Photo Station prior to version 6.4.3, which stems from the inclusion of a cross-site...

Puma 安全漏洞

Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. A security vulnerability exists in Puma versions prior to 6.4.3, which stems from a client being able to override values set by an intermediate proxy by supplying an underscored...

CVE-2024-24991

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks...

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from an unrestricted file...

UBUNTU-CVE-2024-31210

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

PT-2024-2905 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3 Description: The issue is related to a Race Condition TOCTOU vulnerability in the web component of Ivanti Avalanche. This vulnerability can be exploited by a remote authenticated attacker to execute...

PT-2024-2917 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3 Description: An out-of-bounds read issue in the WLAvalancheService component can allow an unauthenticated remote attacker to read sensitive information in memory under certain conditions...

SUSE CVE-2018-17246

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with...

SUSE CVE-2020-12801

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...

CVE-2022-39420

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Data, Functional Security. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2022-39409

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

Oracle Transportation Management 安全漏洞

Oracle Transportation Management Otm is a tool for shippers and logistics providers from Oracle. It is used to provide transportation planning and execution functionality and to integrate transportation planning, execution, freight payment, and business process automation into a single applicatio...

CVE-2021-37710

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...