6 matches found
CVE-2026-59817
Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...
PT-2025-51560
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root...
CVE-2025-55087
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...
Eclipse ThreadX NetX Duo 缓冲区错误漏洞
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A buffer error vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from a potential out-of-bounds read issue in the nxicmpv6validateoptions function when processing...
Eclipse ThreadX NetX Duo 安全漏洞
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from the processing of IPv4 packets with a timestamp option that can lead to out-of-bounds reads...
VulnCheck KEV: CVE-2018-17254
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...