CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVE-2026-3608

CVE-2026-3608 affects Kea daemons (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6). A maliciously crafted message over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow. Affected versions: 2.6.0–2.6.4 and 3.0.0–3.0.2. Exploitation details a...

PT-2026-26633

Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An issue exists in QHora where an improper restriction of communication channels to intended endpoints can allow an attacker with physical access to gain elevated privileges. The issue was exploite...

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...

PT-2026-1953

Name of the Vulnerable Software and Affected Versions Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 Description The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

SUSE SLES12 Security Update : regionServiceClientConfigAzure (SUSE-SU-2025:03169-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03169-1 advisory. This update for regionServiceClientConfigAzure contains the following fixes: - Update to version 3.0.0. bsc1246995 - SLE 16 python-requests...

ImageSharp 安全漏洞

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API open-sourced by Six Labors. A security vulnerability exists in ImageSharp versions prior to 2.1.11 and 3.0.0 through 3.1.10, which stems from the possibility of entering an infinite loop when processing specially...

PT-2024-18761 · Samsung · Samsung Data Store

Name of the Vulnerable Software and Affected Versions: Samsung Data Store versions prior to 5.3.00.4 Description: The issue is related to improper access control in Samsung Data Store, allowing local attackers to launch arbitrary activities with the privilege of Samsung Data Store. Recommendation...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...

CVE-2023-45801

Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0...

com.github.wmixvideo:nfe (>=3.1.40 <=4.0.41), com.github.zuinnote:hadoopoffice-flinkts_2.11 (=1.7.0) +239 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=3.0.0 <=3.0.2)

org.apache.santuario:xmlsec MAVEN version =3.0.0, =3.1.40, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...

DEBIAN-CVE-2023-40181

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfxdecompresssegment function. In the context of CopyMemory, it's possible to read data beyond the...

PT-2023-14154 · B&R · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions 3.00 through C4.93 Description: A reflected cross-site scripting issue exists in the System Diagnostics Manager, allowing a remote attacker to execute arbitrary JavaScript in the context of the user's browser...

B&R Industrial Automation GmbH Runtime 跨站脚本漏洞

B&R Industrial Automation GmbH Runtime is a major component of AS from B&R Industrial Automation GmbH, Austria. A cross-site scripting vulnerability exists in B&R Industrial Automation GmbH Runtime version 3.00 and C4.93, which stems from the presence of a Reflective Cross-Site Scripting XSS...

CVE-2023-0081

creationtimestamp| type| source ---|---|--- 2023-02-06 22:29:51+00:00| seen| Telegram/ObPGvzelTFtmkjLsugK7KgOL1e0Kr7bNeOPOvyeDIdBqxQ...

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

GHSA-G3F3-P9RC-775P Mattermost Server exposes account details to any Team Administrator

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...

DEBIAN-CVE-2022-24891

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...