BELL-CVE-2026-23028
Bulletin has no description...
BELL-CVE-2026-23029
Bulletin has no description...
Malicious code in z-shop-ui (npm)
Source: amazon-inspector 5ac6f0b86a348586f517ef591a8fa3dd2ffffd919bcc1f6cfce912d06cba4aa5 The package z-shop-ui was found to contain malicious code. Source: ghsa-malware 7d3e42fd3ceecf78bbc9a794a0a36c38485ab8e91fe9892ffbd9c1db7f2a0fa0 Any...
CVE-2025-61649
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...
GLPI Code Issue Vulnerability
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
PT-2026-6467
Impact: A cross-site scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...
PT-2026-6041
Name of the Vulnerable Software and Affected Versions: SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0. Description: The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the referencedId parameter. This is d...
Autodesk 3ds Max Buffer Error Vulnerability
Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which stems from memory corruption during the parsing of specially crafted RGB files. This vulnerability may allow for the execution of arbitrary code...
GLPI Authorization Issue Vulnerability
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
PT-2026-5867
Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 2.1.0. Description: The software does not invalidate user sessions after logout. This could allow an authenticated user to impersonate another user on the system. Recommendations: Update to a version later than...
PT-2026-6049
Name of the Vulnerable Software and Affected Versions: Neo4j Enterprise and Community editions versions prior to 2026.01.3 and versions prior to 5.26.21. Description: The obfuscate literals option in query logs does not redact error information, potentially exposing unredacted data when a query fail...
PT-2026-6090
Name of the Vulnerable Software and Affected Versions: PACM versions prior to SMR Feb-2026 Release 1. Description: Improper input validation in PACM allows a physical attacker to execute arbitrary commands. Recommendations: Update to SMR Feb-2026 Release 1 or later...
GLPI SQL Injection Vulnerability
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
CVE-2025-33081 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2020-37090
CVE-2020-37090 affects School ERP Pro 1.0. The vulnerability resides in the message-attachment file upload, which can be exploited to upload arbitrary PHP files, enabling remote code execution on the server. Root cause evidenced in the connected PT-2026-5840 entry: inadequate validation/verificat...
EUVD-2020-30992
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2020-37069
Konica Minolta FTP Utility 1.0 has a buffer overflow in the NLST command. An oversized input (1500 'A' characters) can crash the FTP server and potentially allow unauthorized code execution. This affects the NLST handling in Konica Minolta FTP Utility 1.0 and is reported with high impact (availab...
CVE-2026-22222
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-24052
Summary: CVE-2026-24052 affects Claude Code prior to 1.0.111, where URL validation in the trusted-domain check for WebFetch used a startsWith() approach, allowing crafted domains (e.g., modelcontextprotocol.io.example.com) to bypass validation and potentially cause automatic requests to attacker‑...
CVE-2026-25616
Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...