124 matches found
Astra Linux - уязвимость в linux
In the IPv4 implementation in the Linux kernel before 5.12.4, the net/ipv4/route.c file has an information leak because the hash table is very small...
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
PT-2026-34470
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.4 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service by overwhelming system...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to path traversal (CVE-2026-29045) loss of integrity (CVE-2026-29085) and loss of confidentiality (CVE-2026-29086)
Summary Node.js module hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal CVE-2026-29045 loss of integrity CVE-2026-29085 and loss of confidentiality CVE-2026-29086. This bulletin provides patch...
CVE-2026-3054
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
CVE-2026-3054
The CVE affects Alinto SOGo 5.12.3/5.12.4 . The vulnerability is in an unknown function where manipulating the argument hint leads to cross-site scripting (XSS) . It is described as injectable remotely with an exploit publicly available . The vendor was contacted but did not respond. The document...
Alinto SOGo 代码注入漏洞
Alinto SOGo is an open-source collaboration office software developed by Alinto. Versions 5.12.3 and 5.12.4 of Alinto SOGo contain a code injection vulnerability. This vulnerability stems from incorrect handling of parameter hints, which may lead to cross-site scripting attacks...
CVE-2020-37098
Disk Sorter Enterprise 12.4.16 is affected by an unquoted service path vulnerability that can allow local attackers to execute arbitrary code with LocalSystem privileges by exploiting the unquoted path in the service configuration. The CVE description and multiple connected sources confirm the vu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000635 advisory. The nrrecvmsg function in net/netrom/afnetrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure h...
Incorrect Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...
CVE-2025-14733
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...
CVE-2025-13937
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025...
CVE-2025-6242 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-12.9, py3-vllm-cuda-12.4...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...
Linux Distros Unpatched Vulnerability : CVE-2020-26414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time...
CVE-2024-4892
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissio...
CVE-2012-4926
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an 1 app0 disable or 2 app1 enable action...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 12.4.31 LTS and 13.4.2 LTS, which stems from a possible bypass of multi-factor authentication...
PYSEC-2025-190
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zeropoint leads to improper initialization. The attack needs to be approached...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.0 and earlier, which stems from an inability to validate the mail parameter of createAction, resulting in insecure direct object...