45 matches found
EUVD-2026-36196
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
DEBIAN-CVE-2026-8496
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
The allocate_structures function insufficiently checks bounds before arithmetic multiplication
sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic...
CVE-2023-40416
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory...
CVE-2025-10254
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
CVE-2025-10255 Ascensio System SIA OnlyOffice Comment Messages.aspx cross site scripting
A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Impacted is an unknown function of the file /Products/Projects/Messages.aspx of the component Comment Handler. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2025-10254 Ascensio System SIA OnlyOffice SVG Image Messages.aspx cross site scripting
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...
PT-2025-9012
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.7-770 2 Description: A vulnerability in the Linux kernel has been identified, which can cause the system to crash when using touchscreen and framebuffer on certain devices, such as the Nokia 770. The issue is...
WatchGuard Authentication Gateway Security Vulnerability
WatchGuard Authentication Gateway (WatchGuard Single Sign-On Agent) is an authentication gateway from WatchGuard USA. A security vulnerability exists in WatchGuard Authentication Gateway version 12.7 and earlier, which stems from an improperly handled exception condition that allows an attacker wit...
WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Ultimate Membership Pro versions <= 12.7...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability previously existed in Apple macOS Monterey version 12.7.6, which stems from an application that may be able to disclose sensitive user information...
PT-2024-29040 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.6; macOS versions prior to 13.6.8; macOS versions prior to 14.6. Description: The issue allows a local attacker to potentially elevate their privileges. It was addressed with improved checks. Recommendations: For mac...
libxml2 Security Vulnerability
libxml2 is an open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.11.8, 2.12.x through 2.12.7, which stems from the use of the xmllint --htmlout formatting error...
WordPress MihanPanel plugin < 12.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MihanPanel versions < 12.7...
PT-2024-22746 · Unknown · Relywp Coupon Affiliates
Name of the Vulnerable Software and Affected Versions: RelyWP Coupon Affiliates versions through 5.12.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions throu...
Apple macOS Monterey Security Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey versions prior to 12.7.4, which stems from an attacker's ability to access sensitive user data...
Apple macOS Monterey Security Vulnerability
Apple macOS Monterey is the 18th major version of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.7.4, which stems from an application that could result in a denial of service...
PT-2024-19769 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.4; macOS versions prior to 13.6.5; macOS versions prior to 14.4. Description: A race condition was addressed with additional validation. This issue may allow an app to access protected user data. Recommendations: For...
Apple macOS Monterey Security Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey version 12.7.4, which stems from an application that may be able to overwrite arbitrary files...