47 matches found
CVE-2025-65954
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...
CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...
EUVD-2025-209889
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...
Linux Distros Unpatched Vulnerability : CVE-2026-31485
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller...
Dell Optimizer 后置链接漏洞
Dell Optimizer is an intelligent optimization software developed by the American company Dell. Versions of Dell Optimizer prior to 6.3.1 had a post-linkage vulnerability, which stemmed from improper link resolution before file access. This vulnerability could allow local, low-privilege attackers ...
CVE-2025-14510
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...
CVE-2025-14510 ABB Ability OPTIMAX Authentication Bypass in Single-Sign On
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...
CVE-2025-14510
CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...
ABB Ability OPTIMAX security vulnerabilities
ABB Ability OPTIMAX is a digital energy management optimization system developed by the Swiss company ABB. There were security vulnerabilities in versions 6.1, 6.2, 6.3.0 through 6.3.1-251120, and from version 6.4.0 through 6.4.1-251120. These vulnerabilities stemmed from incorrect implementation...
CVE-2025-60082
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...
CVE-2025-60084
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...
EUVD-2025-204106
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.3.1...
CVE-2025-60084
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...
CVE-2025-60082
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...
CVE-2025-60084 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...
CVE-2025-47213
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
EUVD-2025-32331
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
EUVD-2025-32370
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
Linux Distros Unpatched Vulnerability : CVE-2024-28853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting XSS vulnerability in ampache before v6.3.1 allows a remot...
CVE-2023-21925
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...