
20 matches found

EUVD
added 2026/05/27 8:29 a.m. · 4 views

EUVD-2024-55596

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVSS 2.7 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 1

CNNVD
added 2026/05/27 12:00 a.m. · 3 views

Synology Surveillance Station Security Vulnerability

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

CVSS 2.7 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 1

ATTACKERKB
added 2026/03/25 2:19 p.m. · 1 view

CVE-2026-23514

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

CVSS 8.8 · AI score 5.8 · EPSS 0.00046
Exploits: 0 · References: 2 · Affected Software: 1

Snyk
added 2026/03/16 3:30 p.m. · 2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the comment block modification process. An attacker can alter comments created by other users by leveraging editor permissions without proper authorization checks. Remediation Upgrade...

CVSS 5.3 · AI score 5.8 · EPSS 0.00042
Exploits: 1 · References: 2

vulnersOsv
added 2026/02/25 6:11 p.m. · 1 view

@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27829 via @astrojs/node (>=9.2.2 <=9.5.2)

@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27829 Source advisory: OSV:GHSA-CJ9F-H6R6-4CX2...

CVSS 7.2 · AI score 5.8 · EPSS 0.00076
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-5630

Malware in sbrugna...

CVSS 6.5 · AI score 7.8 · EPSS 0.00428
Exploits: 0 · References: 4

OSV
added 2025/08/20 5:11 p.m. · 1 view

MAL-2025-41254 Malicious code in orion-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d017f02da39bfb33285066e5d65476f32d57195efe73652d4659863fe7b0367c The OpenSSF Package Analysis project identified 'orion-ui' @ 9.2.3 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits: 0

RedhatCVE
added 2025/05/23 4:30 a.m. · 5 views

CVE-2023-44762

A Cross Site Scripting XSS vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags...

CVSS 5.4 · AI score 6.2 · EPSS 0.00219
Exploits: 1

Positive Technologies
added 2024/08/06 12:00 a.m. · 1 view

PT-2024-8964 · Brocade · Brocade Fabric Os

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.2 Description: The issue is related to weaknesses in the authentication procedure of Brocade Fabric OS, allowing a remote attacker to hijack a service session. This could be achieved through...

CVSS 7.1 · AI score 9.5 · EPSS 0.00203
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/01 12:00 a.m. · 2 views

PT-2024-27235 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207...

CVSS 5.4 · AI score 7.4 · EPSS 0.01051
Exploits: 1 · References: 5

ATTACKERKB
added 2023/11/17 4:15 a.m. · 0 views

CVE-2023-48649

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...

CVSS 5.4 · AI score 5.8 · EPSS 0.01256
Exploits: 0 · References: 6

Positive Technologies
added 2023/11/17 12:00 a.m. · 1 view

PT-2023-30868 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.13 Concrete CMS versions 9.x prior to 9.2.2 Description: The issue allows unauthorized access due to directories being created with insecure permissions. File creation functions, such as the Mkdir function,...

CVSS 9.8 · AI score 7.2 · EPSS 0.00729
Exploits: 0 · References: 12

CVE
added 2023/10/06 12:00 a.m. · 55 views

CVE-2023-44762

Concrete CMS initiates a Cross Site Scripting (XSS) vulnerability in the Tags feature under Settings - Tags for versions 9.2.0 to 9.2.2. The issue arises in the Tags handling, allowing an attacker to execute arbitrary code via a crafted script. According to the CVE description, exploitation requi...

CVSS 5.4 · AI score 5.3 · EPSS 0.00219
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/05/11 8:15 a.m. · 11 views

SQL injection

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVSS 6.5 · AI score 8.8 · EPSS 0.00373
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/03/16 11:54 p.m. · 20 views

GHSA-8GR3-2GJW-JJ7G Hidden functionality in node-ipc

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...

AI score 6.9
Exploits: 0 · References: 2

NVD
added 2020/08/03 1:15 p.m. · 10 views

CVE-2020-4553

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

CVSS 7.8 · AI score 7.7 · EPSS 0.0007
Exploits: 0 · References: 2

OSV
added 2020/08/03 1:15 p.m. · 0 views

CVE-2020-4551

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

CVSS 7.8 · AI score 7.4
Exploits: 0 · References: 2

Cvelist
added 2020/08/03 12:35 p.m. · 13 views

CVE-2020-4554

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

CVSS 7.8 · AI score 7.6 · EPSS 0.0007
Exploits: 0 · References: 2

WPVulnDB
added 2019/02/14 12:00 a.m. · 8 views

Newspaper Theme < 9.5 - Cross-Site Scripting (XSS)

Description From the changelog: Newspaper - Version: 9.2.2 fix: XSS Security issue...

AI score 6.2
Exploits: 0 · References: 2

Tenable Nessus
added 2018/02/02 12:00 a.m. · 26 views

VMware AirWatch Console 9.1.x < 9.1.5 / 9.2.x < 9.2.2 XSRF

According to its self-reported version, the install of VMware AirWatch Console running on the remote host is 9.1.x prior to 9.1.5 or 9.2.x prior to 9.2.2. It is, therefore, affected by a user-input validation error that allows cross-site request forgery XSRF attacks. Note that Nessus has not test...

CVSS 8.8 · AI score 7.9 · EPSS 0.0018
Exploits: 0 · References: 2