Lucene search

16 matches found

Cvelist
added 2026/06/01 12:0 a.m. | 40 views

CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

CVSS 6.5 | EPSS 0.00201
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/17 1:18 p.m. | 3 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 1

NVD
added 2026/01/16 1:16 p.m. | 7 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 | EPSS 0.0039
Exploits: 0 | References: 1

CVE
added 2026/01/16 1:2 p.m. | 12 views

CVE-2025-14510

CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...

CVSS 9.2 | AI score 6.6 | EPSS 0.0039
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/24 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:3755-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3755-1 advisory. This update for the Linux Kernel 6.4.0-1506002350 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter:...

CVSS 7.8 | AI score 7.2 | EPSS 0.00528
Exploits: 1 | References: 25

CNNVD
added 2025/07/16 12:0 a.m. | 2 views

WordPress plugin Coupon Affiliates cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 6.5 | AI score 6.5 | EPSS 0.00152
Exploits: 0 | References: 1

CNNVD
added 2025/04/25 12:0 a.m. | 1 views

NetScout nGeniusONE information disclosure vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A security vulnerability exists in NetScout nGeniusONE versions prior to 6.4.0 b2350, which originates from the possible disclosure of technical information via a stack trace...

CVSS 7.5 | AI score 6.3 | EPSS 0.00361
Exploits: 0 | References: 3

OSV
added 2025/03/24 6:31 p.m. | 0 views

GHSA-HH3M-G4QJ-4835 Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

CVSS 5.3 | AI score 5.9 | EPSS 0.00485
Exploits: 0 | References: 4

CNNVD
added 2024/06/12 12:0 a.m. | 3 views

Tenable Security Center Security Breach

Tenable Security Center is a security center from Tenable USA. A security vulnerability exists in Tenable Security Center versions prior to 6.4.0 that originates from a vulnerability that allows an authenticated, remote attacker to view unauthorized objects and initiate scans without the required...

CVSS 6.3 | AI score 6.7 | EPSS 0.00305
Exploits: 0 | References: 2

ATTACKERKB
added 2022/10/06 6:16 p.m. | 4 views

CVE-2022-3002

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

CVSS 5.4 | AI score 6 | EPSS 0.00547
Exploits: 1 | References: 4

ATTACKERKB
added 2022/08/21 8:15 a.m. | 4 views

CVE-2022-2885

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

CVSS 6.7 | AI score 5.9 | EPSS 0.00409
Exploits: 1 | References: 3

CNNVD
added 2021/12/09 12:0 a.m. | 3 views

Fortinet FortiAuthenticator authorization issue vulnerability

Fortinet FortiAuthenticator, a centralized user identity management solution from Fortinet, Inc., is vulnerable to an authentication bypass vulnerability in version 6.4.0 due to improper design or implementation of the authentication module code. An attacker could exploit this vulnerability...

CVSS 8.1 | AI score 5.7 | EPSS 0.00565
Exploits: 0 | References: 1

OSV
added 2021/12/08 2:15 p.m. | 2 views

CVE-2021-43063

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage...

CVSS 6.1 | AI score 6.5 | EPSS 0.00885
Exploits: 0 | References: 1

Positive Technologies
added 2020/10/19 12:0 a.m. | 3 views

PT-2020-7002 · Fortinet · Forticlient For Linux

Name of the Vulnerable Software and Affected Versions: FortiClient for Linux versions 6.2.7 and below, version 6.4.0
Description: The issue is related to insecure privilege management in the VCM engine of FortiClient for Linux. Exploitation of this issue may allow a remote attacker to elevate the...

CVSS 8.8 | AI score 7.2 | EPSS 0.00227
Exploits: 0 | References: 9

CNVD
added 2020/05/07 12:0 a.m. | 4 views

Cisco Firepower Threat Defense Input Validation Error Vulnerability (CNVD-2020-35682)

Cisco Firepower Threat Defense (FTD) is a suite of unified software that provides next-generation firewall services from the U.S. company Cisco. A security vulnerability exists in the TLS version 1.3 policy configured with a URL category in Cisco FTD Software versions 6.4.0 through 6.4.0.8...

CVSS 5.8 | AI score 6.8 | EPSS 0.01419
Exploits: 0 | References: 1

OSV
added 2019/03/26 6:29 p.m. | 5 views

CVE-2019-8988

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data...

CVSS 8.1 | AI score 6.6 | EPSS 0.0178
Exploits: 0 | References: 3