24 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: The instruction “ldbrx” is limited to processors that comply with ISA v2.06. Johan reported the following crash with the testbpf function on the ppc64 e5500 architecture: testbpf: 296 ALUENDFROMLE 64:...
CVE-2026-8272 D-Link DNS-320 webfile_mgr.cgi chown os command injection
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in OS command injection. The attack may be performed remotely. The exploit has been released to the public...
PT-2026-33414
Name of the Vulnerable Software and Affected Versions: Unlimited Elements for Elementor versions prior to 2.0.7 Description: An arbitrary file read issue exists due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the ability to enable debug...
WordPress plugin WooCommerce csv import export path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
D-Link DIR-619L security vulnerability
The D-Link DIR-619L is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-619L version 2.06B01, which stems from the formmacfilter method failing to properly validate the length of the input data, and can be exploited by a remote attacker ...
WordPress YouTube SimpleGallery plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin YouTube SimpleGallery versions <= 2.0.6...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
NEUMANN N-LINE security vulnerability
NEUMANN N-LINE is an online course training tool for LIVE and recorded distribution from NEUMANN Japan. A security vulnerability exists in NEUMANN N-LINE version 2.0.6 and prior versions, which stems from improper input validation, where arbitrary code may be executed on a user's browser or may b...
PT-2024-26551 · Inxedu · Inxedu
Name of the Vulnerable Software and Affected Versions: inxedu version 2.0.6 Description: The issue is related to an arbitrary file upload vulnerability in the ImageUploadController.class component. This allows attackers to execute arbitrary code by uploading a crafted jsp file. Recommendations: F...
TP-LINK ER7206 Operating System Command Injection Vulnerability
The TP-LINK ER7206 is a multifunction Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection...
CVE-2023-32588
Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin = 2.0.6 versions...
CVE-2019-25149
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2023-25041
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme = 2.0.6 versions...
Generex UPS CS141 code issue vulnerability
The Generex UPS CS141 is a microcomputer from the German company Generex. A security vulnerability exists in the Generex UPS CS141 prior to version 2.06, which stems from a vulnerability that allows an attacker to upload a firmware file containing a webshell...
SUSE CVE-2010-2751
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and...
IBM Data Risk Manager cryptographic issue vulnerability
IBM Data Risk Manager is a data risk manager from IBM Corporation of the United States. The product supports discovery, analysis and visualization of business risk data, etc. A security vulnerability exists in IBM Data Risk Manager iDNA 2.0.6, which could be exploited by an attacker to decrypt...
CVE-2021-24266
The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...
Terramaster TOS Permission License and Access Control Issues Vulnerability
Terramaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology Terramaster in China. A security vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which can be exploited by a remote,...
Terramaster TOS Path Traversal Vulnerability
Terramaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology Terramaster in China. A path traversal vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which allows a remote authenticated...