CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...
CLEANSTART-2026-WX01708 vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device
Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. See references for individual vulnerability details...
Tanium Client Security Vulnerability
Tanium Client is a terminal proxy software developed by the American company Tanium. Tanium Client has a security vulnerability, which stems from a denial-of-service vulnerability...
FUXA Security Vulnerability
FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization bypasses, which could allow unverified remote attackers to modify device labels...
Inforprograma JumpStart Code Issue Vulnerability
Inforprograma JumpStart is a software installation and configuration tool developed by Inforprograma in Portugal. Version 0.6.0.0 of Inforprograma JumpStart contains a code vulnerability. This vulnerability stems from the jswpbapi service having a service path that lacks quotation marks, which ma...
PT-2026-6829
Name of the Vulnerable Software and Affected Versions: QuickDate version 1.3.2. Description: The software contains a SQL injection issue that allows remote attackers to manipulate database queries. This is achieved through the located parameter in the /find matches API endpoint. Attackers can inject...
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software DoS (cisco-sa-tce-roomos-dos-9V9jrC2q)
According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service is affected by a vulnerability. - A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software cou...
Oracle Linux 7 : python (ELSA-2026-1537)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1537 advisory. 2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2025-15330
Tanium addressed an improper input validation vulnerability in Deploy...
CVE-2025-15331 Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Tanium addressed an uncontrolled resource consumption vulnerability in Connect...
CVE-2025-15341 Tanium addressed an incorrect default permissions vulnerability in Benchmark.
Tanium addressed an incorrect default permissions vulnerability in Benchmark...
Improper Certificate Validation
Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated betwe...
EUVD-2020-31029
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37131
CVE-2020-37131 affects Nsauditor Product Key Explorer 4.2.2.0. A local denial-of-service flaw can crash the application by pasting a crafted 1000-byte payload (repeating characters) into the Key input. Public references document the input field handling for registration keys as the trigger. Explo...
CVE-2020-37119 Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))
Nsauditor 3.0.28 and 3.2.1.0 contain a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...
web2py vulnerable to open redirect
Overview: web2py contains the following vulnerability: open redirect (CWE-601), CVE-2026-25198. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: When accessing a speciall...
CVE-2025-10314 Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially...
GHSA-VWCG-C828-9822 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Note: GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...
CVE-2019-25276
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk...