63 matches found

Cvelist
added 2025/12/22 12:00 a.m. · 21 views

CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation as shown in the documentation belongs to the system administrator who is...

EPSS 0.00059
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2021-7561

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8.1 · EPSS 0.01291
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-46725

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 6.5 · EPSS 0.00155
Exploits 0 · References 1

OSV
added 2025/08/28 3:34 p.m. · 0 views

GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

CVSS 7.5 · AI score 6.8 · EPSS 0.00171
Exploits 0 · References 9

Positive Technologies
added 2025/07/17 12:00 a.m. · 0 views

PT-2025-29922 · Unknown · OA EKP Version 16

Name of the Vulnerable Software and Affected Versions: OA EKP version 16 Description: OA EKP version 16 contains an arbitrary download vulnerability within the /ui/sys ui extend/sysUiExtend.do component. This issue allows attackers to obtain the background administrator password and subsequently...

CVSS 8.1 · AI score 6.5 · EPSS 0.0022
Exploits 0 · References 5

Cvelist
added 2025/07/17 12:00 a.m. · 5 views

CVE-2023-41566

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sysuiextend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions...

EPSS 0.0022
Exploits 0 · References 2

OSV
added 2025/02/21 10:02 a.m. · 14 views

RHSA-2025:1731 Red Hat Security Advisory: postgresql:16 security update

Bulletin has no description...

CVSS 8.1 · AI score 8.1 · EPSS 0.93857
Exploits 14 · References 10

OSV
added 2024/12/16 2:00 p.m. · 7 views

BIT-NODE-MIN-2023-30581

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and v20. Please note that at the time...

CVSS 7.5 · AI score 7.2 · EPSS 0.00018
Exploits 0 · References 3

Tenable Nessus
added 2024/12/12 12:00 a.m. · 9 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4173-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4173-1 advisory. This update ships postgresql17, and fixes security issues with postgresql16: - bsc#1230423: Rela...

CVSS 8.8 · AI score 7.2 · EPSS 0.06356
Exploits 1 · References 15

SUSE Linux
added 2024/11/25 4:10 p.m. · 1 view

Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: bsc#1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...

CVSS 8.8 · AI score 7.4 · EPSS 0.06356
Exploits 1 · References 22

UbuntuCve
added 2024/11/14 1:15 p.m. · 6 views

CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.8 · EPSS 0.00613
Exploits 0 · References 4

Cvelist
added 2024/11/14 1:02 p.m. · 17 views

CVE-2024-8648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...

CVSS 6.1 · EPSS 0.03053
Exploits 0 · References 3

OSV
added 2024/10/22 12:35 a.m. · 15 views

RHSA-2023:1582 Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.6 · AI score 7 · EPSS 0.00416
Exploits 5 · References 38

CNNVD
added 2024/10/15 12:00 a.m. · 1 view

Acronis Cyber Protect security vulnerability

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. It combines backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A security...

CVSS 4.3 · AI score 4.8 · EPSS 0.00158
Exploits 0 · References 2

OpenVAS
added 2024/09/19 12:00 a.m. · 22 views

Apple Xcode Security Update (HT121239)

Apple Xcode is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:xcode"; if(description...

CVSS 9 · AI score 8.4 · EPSS 0.82951
Exploits 32 · References 1

CNNVD
added 2024/09/09 12:00 a.m. · 1 view

D-Link DI-8300 security vulnerability

The D-Link DI-8300 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A command injection vulnerability exists in the D-Link DI-8300 version v16.07.26A1, which stems from the upgradefilterasp function failing to properly filter constructor...

CVSS 9.8 · AI score 7.8 · EPSS 0.01237
Exploits 1 · References 4

Tenable Nessus
added 2024/08/15 12:00 a.m. · 53 views

PostgreSQL 12.x < 12.20 / 13.x < 13.16 / 14.x < 14.13 / 15.x < 15.8 / 16.x < 16.4 SQL Injection

The version of PostgreSQL installed on the remote host is 12 prior to 12.20, 13 prior to 13.16, 14 prior to 14.13, 15 prior to 15.8, or 16 prior to 16.4. As such, it is potentially affected by a vulnerability: - Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an...

CVSS 8.8 · AI score 7.7 · EPSS 0.00764
Exploits 0 · References 3

Github Security Blog
added 2024/05/30 7:49 p.m. · 21 views

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the title field...

CVSS 6.4 · AI score 6.9 · EPSS 0.00169
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/05/30 12:15 p.m. · 13 views

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16: a user having the gallery editor or VFS resource manager role has permission to upload images in the .svg format containing JavaScript code. The code will be...

CVSS 6.4 · AI score 6.6 · EPSS 0.00155
Exploits 0 · References 1

CVE
added 2024/05/30 11:11 a.m. · 68 views

CVE-2024-5521

The CVE-2024-5521 entry describes stored Cross-Site Scripting in Alkacon OpenCMS 16 via SVG file uploads. The root cause is improper validation of .svg images, which, when uploaded by users with gallery editor or VFS resource manager roles, allows JavaScript in the SVG to execute when another use...

CVSS 6.4 · AI score 6.6 · EPSS 0.00155
Exploits 0 · References 1 · Affected Software 1