Lucene search

18 matches found

Vulnrichment
added 2026/01/30 8:27 a.m. · 4 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8 CVSS · 6.1 AI score · 0.00018 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/12/24 3:30 p.m. · 2 views

EUVD-2025-205236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS. This issue affects YouTube Embed: from n/a through = 5.4...

5.4 CVSS · 5.5 AI score · 0.00029 EPSS
Exploits: 0 · References: 2
OSV
added 2025/12/05 6:15 p.m. · 2 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 3
EUVD
added 2025/10/22 3:31 p.m. · 4 views

EUVD-2025-35459

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

6.5 AI score · 0.00041 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/10/22 12:0 a.m. · 3 views

WordPress plugin vanquish WooCommerce Orders & Customers Exporter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

6.5 CVSS · 6.6 AI score · 0.00041 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/09/08 10:52 p.m. · 8 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3 CVSS · 0.01434 EPSS
Exploits: 1 · References: 6
Debian CVE
added 2025/05/26 3:31 a.m. · 6 views

CVE-2025-5167

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The...

5.5 CVSS · 3.8 AI score · 0.00112 EPSS
Exploits: 1
RedhatCVE
added 2025/05/23 8:28 a.m. · 4 views

CVE-2024-44725

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...

7.2 CVSS · 8.3 AI score · 0.00107 EPSS
Exploits: 1 · References: 1
ATTACKERKB
added 2025/03/28 3:15 a.m. · 1 views

CVE-2025-24381

Dell Unity, versions 5.4 and prior, contains an URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The...

8.8 CVSS · 5.9 AI score · 0.0038 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/03/28 1:45 a.m. · 10 views

CVE-2025-24382

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

7.3 CVSS · 7.5 AI score · 0.01128 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/03/25 12:0 a.m. · 1 views

Open Asset Import Library (assimp) Security Vulnerability

Open Asset Import Library assimp is a library in the Open Asset Import Library open source. A security vulnerability exists in Open Asset Import Library assimp version 5.4.3, which stems from an incorrect manipulation of the parameter data that can cause a heap buffer overflow...

8.8 CVSS · 6.6 AI score · 0.00108 EPSS
Exploits: 1 · References: 7
CNNVD
added 2024/09/09 12:0 a.m. · 2 views

AutoCMS Security Vulnerability

AutoCMS is a content management system CMS from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...

7.2 CVSS · 8.2 AI score · 0.00107 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/04/02 12:0 a.m. · 2 views

SAMSUNG Mobile devices Security Vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which arises from the use of implicit intent for sensitive communications. The following...

6.2 CVSS · 6.5 AI score · 0.00094 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/03/07 12:0 a.m. · 2 views

WordPress Plugin The Plus Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.4 CVSS · 6 AI score · 0.00168 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36381 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225
Description: The issue is related to the 9p/trans_fd functionality, where it does not always use O_NONBLOCK for read/write operations. The actual impact and potential for attack have not been proven yet...

7.2 AI score
Exploits: 0 · References: 1
CNVD
added 2017/10/27 12:0 a.m. · 0 views

SQL Injection Vulnerability in WebShow Shopping System V5.4 listjp.asp

Net show shopping system is a shopping site developed with asp + access. A SQL injection vulnerability exists in NetShow Shopping System V5.4 listjp.asp. An attacker can obtain sensitive database information by constructing specific SQL statements...

7.7 AI score
Exploits: 0
Citrix
added 2017/03/28 12:0 a.m. · 6 views

UPM Doesn't Migrate Local User Profiles Since Version 5.4.1

In UPM 5.4.1 and later versions, UPM doesn't migrate local user profiles to the UPM store. Users who are using a local profile are then unable to retain their personal settings by UPM...

6.9 AI score
Exploits: 0
CNVD
added 2016/09/03 12:0 a.m. · 1 views

Fortinet FortiClient SSLVPN Local Information Disclosure Vulnerability

Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. A local information disclosure vulnerability exists in Fortinet FortiClient SSLVPN version 5.4, which could be exploited by attackers to obtain sensitive informati...

5.9 AI score
Exploits: 0 · References: 1