142 matches found
CVE-2026-13054
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...
CVE-2026-53908
CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...
PYSEC-2026-427 Modular Max Serve has Unsafe Deserialization vulnerability
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
MINI-6MGR-V25C-G9MM
Bulletin has no description...
CVE-2026-46400
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
GHSA-Q4WQ-4WHJ-CXHX vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
CVE-2025-10911 vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
GHSA-75HH-423H-RVWG vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
CVE-2026-34268 vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
GHSA-5FXQ-F64V-57FQ vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
GHSA-99RJ-3595-5FRJ vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...
CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
CVE-2026-26378
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
Seagate openSeaChest 安全漏洞
Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. The version of Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from out-of-bounds writing and reading operations during the --showSCSIDefects...
CVE-2026-34643
CVE-2026-34643 affects Adobe After Effects versions 26.0, 25.6.4 and earlier with an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The entry provides CVSS ...
EUVD-2026-26842
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...
CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
AV Stumpfl Pixera Two Media Server 路径遍历漏洞
The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.1 R2 and earlier contained a path traversal vulnerability. This vulnerability originated from an unknown function in the...
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...