163 matches found
Japan Total System多款产品 跨站请求伪造漏洞
Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site request forgery vulnerability exists in various Japan Total System products, which stems from a cross-site request forgery issue that could lead to the...
PT-2025-50603
Name of the Vulnerable Software and Affected Versions Aksis Computer Services and Consulting Inc. AxOnboard versions 3.2.0 through 3.2.9 Description A flaw exists in Aksis Computer Services and Consulting Inc. AxOnboard that permits an authorization bypass through the manipulation of...
CVE-2025-49350
The CVE-2025-49350 entry concerns the WordPress Actionwear products sync plugin (versions up to 2.3.3). The root cause is a missing authorization due to incorrectly configured access control, leading to a broken access control vulnerability. Affected software is the Actionwear products sync plugi...
WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Thim Elementor Kit versions = 1.3.3...
WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Actionwear products sync versions = 2.3.3...
Fedora 41 : runc (2025-6924245627)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6924245627 advisory. Update to release v1.3.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin ACF to REST API versions = 3.3.4...
Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)
The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted w...
GHSA-W9PC-FMGC-VXVW vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.2-rack, logstash, ruby3.4-rack, ruby3.3-rails, ruby3.4-rails, ruby3.3-rack, ruby4.0-rack, gitlab-cng...
CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...
CVE-2025-10858
GitLab CE/EE vulnerable to unauthenticated DoS when uploading specially crafted large JSON files. Affected branches: all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Impact is Denial of Service (availability impact). CVSS 3.1 base score 7.5 (HIGH) with network attack vector...
CVE-2025-9798
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...
CVE-2025-9798 Stored XSS in Netcad Software's Netigma
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...
Vulnerabilities fixed in Cisco ISE and ISE-PIC
Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...
USN-8478-1 ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities
It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...
CVE-2025-31920
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through = 4.3.3...
WordPress plugin Everest Backup 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...