
41 matches found

CVE
added 2026/02/24 2:50 a.m. · 45 views

CVE-2026-27461

Summary: Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact: With adm...

6.9 CVSS · 5.4 AI score · 0.00457 EPSS
Exploits 1 · References 4 · Affected Software 1
CVE
added 2026/01/28 5:35 p.m. · 17 views

CVE-2020-36962

Tendenci 12.3.1 is affected by a CSV formula injection in the contact form message field. A crafted payload like '=10+20+cmd|' /C calc'!A0' can trigger arbitrary command execution when the exported CSV is opened in spreadsheet applications. The vulnerability is caused by untrusted user input bein...

9.8 CVSS · 6.1 AI score · 0.10683 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2026/01/10 5:53 a.m. · 24 views

CVE-2026-22693 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

5.3 CVSS · 0.00377 EPSS
Exploits 1 · References 2
Veeam
added 2025/11/19 12:0 a.m. · 24 views

Veeam Backup & Replication 13.0.1 In-Place Upgrade Version Requirement

Challenge: When attempting to upgrade an existing Veeam Backup & Replication deployment to version 13.0.1, the installer displays a message stating: "Unable to upgrade Veeam Backup & Replication: you can upgrade from version 12.3.1.1139 or later only." Solution: Before attempting an in-place upgrade ...

6.9 AI score
Exploits 0 · Affected Software 1
Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-18778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libav 12.3, there is a heap-based buffer over-read in vc1decodepmbintfi in vc1block.c that allows an attacker to cause denial-of-service via a crafted file...

6.5 CVSS · 6.7 AI score · 0.00886 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-19128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi...

6.5 CVSS · 6.6 AI score · 0.01058 EPSS
Exploits 0 · References 2
NCSC
added 2025/08/13 10:0 a.m. · 5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...

7.8 CVSS · 7.7 AI score · 0.00227 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/08/08 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-20426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets se...

7.8 CVSS · 7.1 AI score · 0.0192 EPSS
Exploits 1 · References 2
CNNVD
added 2025/08/05 12:0 a.m. · 3 views

libav Security Vulnerability

Libav is a cross-platform solution for recording and converting audio and video from the Libav team that includes a libavcodec encoder. A security vulnerability exists in libav 12.3 and earlier versions, which stems from a null pointer dereference in the function ffseekframebinary in the file...

4.8 CVSS · 4.2 AI score · 0.00212 EPSS
Exploits 1 · References 6
CNNVD
added 2025/06/02 12:0 a.m. · 6 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 12.3, which stems from a parameter that allows arbitrary values and could result in blocking access to the guard patrol configuration page of an Axis device...

4.3 CVSS · 6.7 AI score · 0.00322 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 3:22 p.m. · 7 views

CVE-2020-25622

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF...

8.8 CVSS · 7 AI score · 0.00944 EPSS
Exploits 0
Cvelist
added 2025/01/06 3:38 p.m. · 27 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8 CVSS · 0.00454 EPSS
Exploits 0 · References 3
CNNVD
added 2023/12/26 12:0 a.m. · 2 views

Asp.Net Zero Security Vulnerability

Asp.Net Zero is an open source web development framework. A security vulnerability exists in Asp.Net Zero versions prior to 12.3.0, which stems from messages being transmitted over websocket, and can be exploited by an attacker to inject HTML into a user's message, redirecting the intended victim...

6.1 CVSS · 6.6 AI score · 0.0046 EPSS
Exploits 1 · References 3
CNNVD
added 2023/09/13 12:0 a.m. · 5 views

Adobe Connect Cross-Site Scripting Vulnerability

Adobe Connect is a software for creating meeting environments from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Connect 12.3 and earlier versions. An attacker could exploit this vulnerability to cause a cross-site scripting attack...

6.1 CVSS · 5.9 AI score · 0.00403 EPSS
Exploits 0 · References 3
CNNVD
added 2023/09/13 12:0 a.m. · 5 views

Adobe Connect Cross-Site Scripting Vulnerability

Adobe Connect is a software for creating meeting environments from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Connect 12.3 and earlier versions. An attacker could exploit this vulnerability to cause a cross-site scripting attack...

6.1 CVSS · 5.9 AI score · 0.00403 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/06/17 12:0 a.m. · 5 views

PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6; SugarCRM Enterprise versions 12.x prior to 12.0.3. Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...

8.8 CVSS · 7.5 AI score · 0.01255 EPSS
Exploits 2 · References 7
SUSE CVE
added 2023/02/15 4:9 a.m. · 3 views

SUSE CVE-2019-14441

An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ffmpasynthfilterfloat in avcodec/mpegaudiodsptemplate.c. NOTE: This may be a duplicate of CVE-2018-19129...

6.5 CVSS · 6.4 AI score · 0.01156 EPSS
Exploits 1 · References 3
CNNVD
added 2022/06/16 12:0 a.m. · 5 views

Broadcom CA Automic Automation Input Validation Error Vulnerability

Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....

9.8 CVSS · 8.8 AI score · 0.01736 EPSS
Exploits 0 · References 3
CNNVD
added 2022/06/16 12:0 a.m. · 3 views

Broadcom CA Automic Automation Security Vulnerability

Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....

7.5 CVSS · 7.4 AI score · 0.01178 EPSS
Exploits 0 · References 3
CNNVD
added 2022/05/26 12:0 a.m. · 4 views

Apple macOS Monterey Race Condition Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.3. An attacker has exploited the vulnerability to modify protected portions of the file system...

4.7 CVSS · 6 AI score · 0.01646 EPSS
Exploits 0 · References 2