136 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in golang-1.19

On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...

7.8 CVSS, 6.9 AI score, 0.0001 EPSS
Exploits 0, References 2

vulnersOsv
added 2026/05/07 4:32 a.m., 3 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44003 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

5.8 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits 1

CNNVD
added 2026/05/05 12:0 a.m., 3 views

IOBit IObit Advanced SystemCare link following vulnerability

IOBit Advanced SystemCare is a system management utility developed by IOBit Corporation. This program is primarily used for scanning, repairing, and optimizing systems. Version 19 of IOBit Advanced SystemCare contained a post-installation vulnerability, which was caused by an issue with the Servic...

7.3 CVSS, 7.1 AI score, 0.00016 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-37038

Name of the Vulnerable Software and Affected Versions: IObit Advanced SystemCare 19. Description: A security flaw in the Service component's "ASC.exe" file allows for symlink following. A symbolic link (symlink) is a type of file that points to another file or directory. This issue requires local acce...

7.3 CVSS, 7 AI score, 0.00016 EPSS
Exploits 0, References 6

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...

4 CVSS, 6.9 AI score, 0.00022 EPSS
Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...

8.6 CVSS, 7 AI score, 0.00294 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/02/17 7:5 p.m., 1 views

CVE-2025-36597

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information...

4.7 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/17 12:0 a.m., 5 views

Dell Avamar path traversal vulnerability

Dell Avamar is a specially designed backup application developed by the American company Dell. It provides a convenient, packaged, affordable, and data-duplication-removal-based backup solution. Prior to version 19.12 of Dell Avamar, there was a path traversal vulnerability. This vulnerability...

6.5 CVSS, 5.8 AI score, 0.0006 EPSS
Exploits 0, References 1

CVE
added 2026/02/16 4:2 p.m., 6 views

CVE-2026-2101

CVE-2026-2101 is a reflected XSS vulnerability in ENOVIAvpm Web Access, affecting ENOVIAvpm versions 1 Release 16 through 1 Release 19. The issue allows an attacker to cause arbitrary script execution in a user’s browser session after input is reflected in the response. The CVSS-3.1 base score is...

8.7 CVSS, 6 AI score, 0.00044 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/15 12:0 a.m., 5 views

Deciso OPNsense cross-site scripting vulnerability

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Deciso OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the mailserver parameter in the monit interface, which ma...

6.1 CVSS, 6 AI score, 0.00036 EPSS
Exploits 1, References 4

CNNVD
added 2026/02/15 12:0 a.m., 3 views

Deciso OPNsense cross-site scripting vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the value parameter in the...

6.1 CVSS, 5.6 AI score, 0.00012 EPSS
Exploits 1, References 4

RedhatCVE
added 2025/12/12 12:7 p.m., 3 views

CVE-2025-64988

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...

7.2 CVSS, 8 AI score, 0.00231 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/12/11 11:26 a.m., 3 views

CVE-2025-64988 Command Injection in 1E-Nomad-GetCmContentLocations Instruction

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...

7.2 CVSS, 7.6 AI score, 0.00231 EPSS
Exploits 0, References 1

AlpineLinux
added 2025/12/11 11:26 a.m., 5 views

CVE-2025-64988

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...

7.2 CVSS, 8.1 AI score, 0.00231 EPSS
Exploits 0, References 1

UbuntuCve
added 2025/12/02 7:15 p.m., 1 views

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

5.4 CVSS, 6.1 AI score, 0.00017 EPSS
Exploits 0, References 3

Cvelist
added 2025/11/27 5:31 a.m., 7 views

CVE-2025-13143 Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

4.3 CVSS, 0.00011 EPSS
Exploits 0, References 3

OSV
added 2025/10/01 9:16 p.m., 1 views

CVE-2025-57389

A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0...

5.4 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits 0, References 2

Cvelist
added 2025/09/10 3:42 p.m., 3 views

CVE-2025-43888

Dell PowerProtect Data Manager, Hyper-V, versions 19.19 and 19.20, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8 CVSS, 0.00028 EPSS
Exploits 0, References 1

CVE
added 2025/09/10 3:42 p.m., 6 views

CVE-2025-43888

CVE-2025-43888 affects Dell PowerProtect Data Manager (Hyper-V) versions 19.19 and 19.20. Description: insertion of sensitive information into log files could allow a low-privileged, local attacker to gain unauthorized access. Exploitation status not detailed in the documents. Remediation: apply ...

8.8 CVSS, 5.7 AI score, 0.00028 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-29477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute...

8.8 CVSS, 8.3 AI score, 0.00165 EPSS
Exploits 0, References 2