
15 matches found

Cvelist
added 2026/05/13 8:39 p.m., 25 views

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVSS 4.8, EPSS 0.00029
Exploits 0, References 1
ATTACKERKB
added 2026/05/13 8:38 p.m., 4 views

CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVSS 7.2, AI score 6.2, EPSS 0.00037
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/05/13 8:38 p.m., 4 views

CVE-2026-39358 CubeCart: Time-based Blind SQL Injection

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVSS 7.2, AI score 6.2, EPSS 0.00037
Exploits 0, References 1
CNNVD
added 2026/04/26 12:0 a.m., 5 views

EZB Systems Easyboot Security Vulnerability

EZB Systems Easyboot is a tool developed by EZB Systems that simplifies the process of creating boot discs for Linux systems and installing operating systems. Version 6.6.0 of EZB Systems Easyboot contains a security vulnerability. This vulnerability stems from a buffer overflow in the Replace Te...

CVSS 6.9, AI score 6.1, EPSS 0.00006
Exploits 0, References 1
CVE
added 2026/02/17 6:19 p.m., 6 views

CVE-2026-2630

CVE-2026-2630 is a command‑injection vulnerability affecting the Tenable Security Center. An authenticated, remote attacker could execute arbitrary code on the underlying server hosting Security Center. The CVSS metrics indicate network access, low attack complexity, and that privileges are requi...

CVSS 8.8, AI score 6.2, EPSS 0.00413
Exploits 0, References 1
CVE
added 2026/01/10 4:46 a.m., 19 views

CVE-2026-22691

CVE-2026-22691 affects the Python PDF library pypdf prior to version 6.6.0. The issue causes potentially long runtimes when parsing PDFs with malformed startxref entries, particularly for files with many whitespace characters, during cross-reference table rebuilding. Only the non-strict reading ...

CVSS 6.9, AI score 6.4, EPSS 0.00017
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/01/10 4:41 a.m., 2 views

EUVD-2026-1878

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, AI score 6.2, EPSS 0.00017
Exploits 0, References 4
EUVD
added 2025/12/10 9:31 p.m., 4 views

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5, AI score 5.6, EPSS 0.00013
Exploits 0, References 2
CNNVD
added 2025/12/10 12:0 a.m., 2 views

Zoom Rooms for Windows Security Vulnerability

Zoom Rooms for Windows is a conference room software from Zoom USA. A security vulnerability exists in Zoom Rooms for Windows prior to version 6.6.0, which stems from a failure in the software's downgrade protection mechanism and could lead to elevation of privilege via local access by an...

CVSS 7.8, AI score 6.6, EPSS 0.00048
Exploits 0, References 1
Tenable Product Security Advisories
added 2025/09/30 4:32 p.m., 5 views

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0: SC-202509.2.1

R1 Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0: SC-202509.2.1 Jason Schavel Tue, 09/30/2025 - 12:32 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components SimpleSAML was found to...

AI score 7.1
Exploits 0
RedhatCVE
added 2025/05/23 9:14 a.m., 4 views

CVE-2024-23664

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL...

CVSS 6.1, AI score 6.7, EPSS 0.00334
Exploits 0, References 1
OSV
added 2024/06/14 7:15 p.m., 2 views

DEBIAN-CVE-2024-36600

Buffer Overflow Vulnerability in libcdio 2.2.0 fixed in 2.3.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file...

CVSS 8.4, AI score 8.2, EPSS 0.00108
Exploits 1, References 1
CNNVD
added 2024/02/07 12:0 a.m., 2 views

Atmail SQL Injection Vulnerability

Atmail is an email hosting service from Atmail. It is used to ensure a secure, stable, scalable and private customer email platform. An SQL injection vulnerability exists in Atmail version v6.6.0, which stems from an SQL injection vulnerability in the login page...

CVSS 9.8, AI score 7.9, EPSS 0.00224
Exploits 0, References 2
OSV
added 2020/11/12 9:15 p.m., 1 views

CVE-2020-24719

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...

CVSS 9.8, AI score 5.9
Exploits 0, References 1
CNVD
added 2017/11/16 12:0 a.m., 0 views

BlackBerry QNX Software Development Platform Unauthorized Operation Vulnerability

The BlackBerry QNX Software Development Platform (SDP) is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. A security vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP version 6.6.0 an...

CVSS 5.9, AI score 6.8, EPSS 0.00241
Exploits 0, References 1