Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

CVE-2025-14854

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.

The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect its web page structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the user’s browser by creating a...

Product update: Virtuozzo PowerPanel Update 1 Hotfix 1 (7.0.4-39)

The update for Virtuozzo PowerPanel introduces stability and usability fixes. Vulnerability id: PP-643 Attach and detach backup tasks missing or undefined in the task log. Vulnerability id: PP-642 The 'vzapi-api' package not updated on the controller when upgrading PowerPanel. Vulnerability id:...

Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions

Challenge Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with the previous versions of API. Some integration may not work as expected. Cause Update 4 has introduced new Product functionality that requires extended API and incremented the required request version to v14. Solution Th...

Discuz! X3.1 逻辑错误漏洞

Discuz! X3.1 在完成任务时（home.php?mod=draw&do=view&id=xx），任务先前的状态缺少判断完成任务的链接形如：home.php?mod=draw&do=view&id=xx这个地址最终在 source\class\classtask.php 中被处理约第370行：function draw$id global $G; if!$this-task = C::t'commontask'-fetchbyuid$G'uid', $id showmessage'tasknonexistence'; elseif$this-task'status' != 0...

CVE-2006-3958

Multiple unspecified cross-site scripting XSS vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via 1 the Search Tasks system, or authenticated users via 2 the Edit Task system, 3 the back-end Category Editor system, and 4 "Pages that display task...