41 matches found
CVE-2026-27461
Summary: Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact: With adm...
CVE-2020-36962
Tendenci 12.3.1 is affected by a CSV formula injection in the contact form message field. A crafted payload like '=10+20+cmd|' /C calc'!A0' can trigger arbitrary command execution when the exported CSV is opened in spreadsheet applications. The vulnerability is caused by untrusted user input bein...
CVE-2026-22693 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at t...
Veeam Backup & Replication 13.0.1 In-Place Upgrade Version Requirement
Challenge: When attempting to upgrade an existing Veeam Backup & Replication deployment to version 13.0.1, the installer displays a message stating: "Unable to upgrade Veeam Backup & Replication: you can upgrade from version 12.3.1.1139 or later only." Solution: Before attempting an in-place upgrade ...
Linux Distros Unpatched Vulnerability : CVE-2020-18778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file...
Linux Distros Unpatched Vulnerability : CVE-2018-19128
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...
Linux Distros Unpatched Vulnerability : CVE-2019-20426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets se...
libav security vulnerability
Libav is a cross-platform solution for recording and converting audio and video from the Libav team that includes a libavcodec encoder. A security vulnerability exists in libav 12.3 and earlier versions, which stems from a null pointer dereference in the function ff_seek_frame_binary in the file...
AXIS OS security vulnerability
AXIS OS is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 12.3, which stems from a parameter that allows arbitrary values and could result in blocking access to the guard patrol configuration page of an Axis device...
CVE-2020-25622
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF...
CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...
Asp.Net Zero Security Vulnerability
Asp.Net Zero is an open source web development framework. A security vulnerability exists in Asp.Net Zero versions prior to 12.3.0, which stems from messages being transmitted over websocket, and can be exploited by an attacker to inject HTML into a user's message, redirecting the intended victim...
Adobe Connect cross-site scripting vulnerability
Adobe Connect is a software for creating meeting environments from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Connect 12.3 and earlier versions. An attacker could exploit this vulnerability to cause a cross-site scripting attack...
Adobe Connect cross-site scripting vulnerability
Adobe Connect is a software for creating meeting environments from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Connect 12.3 and earlier versions. An attacker could exploit this vulnerability to cause a cross-site scripting attack...
PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise
Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6; SugarCRM Enterprise versions 12.x prior to 12.0.3. Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...
SUSE CVE-2019-14441
An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129...
Broadcom CA Automic Automation input validation error vulnerability
Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....
Broadcom CA Automic Automation security vulnerability
Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....
Apple macOS Monterey race condition vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.3. An attacker has exploited the vulnerability to modify protected portions of the file system...