Lucene search
25 matches found

RedhatCVE
added 2026/04/16 7:22 p.m. | 1 view

CVE-2026-2396

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/02 12:0 a.m. | 0 views

Zabbix 6.0.x < 6.0.42 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 DoS (ZBX-27284)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. Note...

CVSS 6.5 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 2

OSV
added 2025/12/30 12:16 p.m. | 1 view

OESA-2025-2862 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 8.8 | AI score 8.1 | EPSS 0.18438
Exploits: 5 | References: 7

CNNVD
added 2025/09/09 12:0 a.m. | 1 view

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.1 | AI score 6.1 | EPSS 0.00045
Exploits: 0 | References: 2

CVE
added 2025/08/12 11:1 a.m. | 12 views

CVE-2025-43736

MODE C Vulnerability: CVE-2025-43736 affects Liferay Portal 7.4.3.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.8 (and older 2024 Qx bundles) where uploading a profile picture larger than 300 KB (exceeding the documented 300 KB limit) can cause service slowdown / potential Denial of Service. Root...

CVSS 6.9 | AI score 7.1 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2025/04/25 7:24 a.m. | 23 views

BIT-REDIS-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | AI score 7.9 | EPSS 0.00498
Exploits: 0 | References: 7

OSV
added 2025/04/25 7:14 a.m. | 5 views

BIT-KEYDB-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | AI score 7.9 | EPSS 0.00498
Exploits: 0 | References: 7

NVD
added 2025/04/23 4:15 p.m. | 11 views

CVE-2025-21605

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | EPSS 0.00498
Exploits: 0 | References: 6

Vulnrichment
added 2025/04/23 3:38 p.m. | 13 views

CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | AI score 7.8 | EPSS 0.00498
Exploits: 0 | References: 2

OSV
added 2025/04/23 3:38 p.m. | 26 views

CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | AI score 5.1 | EPSS 0.00498
Exploits: 0 | References: 8

CVE
added 2025/04/23 3:38 p.m. | 194 views

CVE-2025-21605

CVE-2025-21605 affects Redis where, in versions starting at 2.6 and before 7.4.3, an unauthenticated client can cause unlimited growth of the output buffer, exhausting memory and potentially crashing the server. The issue occurs because Redis’ default client-output-buffer-limit does not cap norma...

CVSS 7.5 | AI score 7.9 | EPSS 0.00498
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2025/04/23 3:38 p.m. | 1 view

CVE-2025-21605

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5 | AI score 6.5 | EPSS 0.00498
Exploits: 0

ATTACKERKB
added 2025/03/14 3:15 p.m. | 2 views

CVE-2024-46662

An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets...

CVSS 8.8 | AI score 5.8 | EPSS 0.00304
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/10/08 12:0 a.m. | 0 views

Fortinet FortiAnalyzer Format String Error Vulnerability

Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet, Inc. The product is mainly used to collect network log data and analyze, report, and archive operations on security events, network traffic, Web content, etc. in the logs through the reporting suite. A...

CVSS 7.2 | AI score 6.7 | EPSS 0.0029
Exploits: 0 | References: 3

ICS
added 2024/07/09 12:0 a.m. | 40 views

Siemens RUGGEDCOM APE 1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 | AI score 6.8 | EPSS 0.04903
Exploits: 1 | References: 10

OSV
added 2022/12/22 2:15 a.m. | 2 views

CVE-2021-36631

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVSS 6.7 | AI score 5.8 | EPSS 0.00071
Exploits: 1 | References: 1

CNNVD
added 2022/06/09 12:0 a.m. | 2 views

Guzzle Information Disclosure Vulnerability

PHP is a scripting language that executes on the server side. Guzzle is a PHP HTTP client for the guzzlehttp individual developer that makes it easy to send HTTP requests and easily integrates with web services. An information disclosure vulnerability exists in Guzzle versions 6.5.6 and earlier,...

CVSS 7.5 | AI score 7.2 | EPSS 0.01454
Exploits: 0 | References: 10

ICS
added 2022/03/29 12:0 a.m. | 40 views

Modbus Tools Modbus Slave

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Modbus Tools Equipment: Modbus Slave Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application when inputting a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00185
Exploits: 0 | References: 4

IBM Security Bulletins
added 2021/12/03 6:41 p.m. | 246 views

Security Bulletin: PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-32028, CVE-2021-32027)

Summary PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2021-32028 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT …...

CVSS 8.8 | AI score 8.6 | EPSS 0.00641
Exploits: 0 | Affected Software: 1

CNNVD
added 2021/08/12 12:0 a.m. | 2 views

IBM QRadar SIEM Information Disclosure Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An information...

CVSS 6.5 | AI score 5.6 | EPSS 0.00186
Exploits: 0 | References: 6