27 matches found
PT-2026-49451
Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2026-39562
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10...
CVE-2026-35165
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
CVE-2026-3180 Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ‘cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...
CVE-2025-57156
Summary (CVE-2025-57156): A NULL pointer dereference in the owntone-server component, specifically in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c, can be triggered by a remote attacker through commits up to 6d604a1 (post-version 28.12). This vulnerability allows remote Denial...
CVE-2025-64227 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7...
PT-2025-48968
Name of the Vulnerable Software and Affected Versions: MCP Gateway versions prior to 0.28.0 Description: MCP Gateway, used for running and deploying MCP servers, is susceptible to DNS rebinding when operating in sse or streaming transport mode. An attacker can exploit this by tricking a user into...
EUVD-2025-74384
Malicious code in paleimpalaemerald-28 npm...
OPENSUSE-SU-2025:15395-1 docker-28.3.3_ce-26.1 on GA media
These are all security issues fixed in the docker-28.3.3_ce-26.1 package on the GA media of openSUSE Tumbleweed...
IBM SPSS Statistics Encryption Issue Vulnerability
IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
DSA-5867-1 gnutls28 - security update
Bulletin has no description...
PT-2024-32894 · Unknown · Tiki Wiki Cms
Name of the Vulnerable Software and Affected Versions: Tiki Wiki CMS versions prior to 28 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This occurs when the software does not properly handle special...
CVE-2024-8749
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...
PT-2024-39225 · Unknown · I-Doit Pro
Name of the Vulnerable Software and Affected Versions: idoit pro version 28 Description: A Cross-site Scripting (XSS) issue allows an attacker to retrieve session details of an authenticated user due to the lack of proper sanitization of the following parameters: id, lang, mNavID, name, pID,...
SUSE CVE-2024-23981
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
SUSE CVE-2024-24986
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
Reachfar GPS Log Information Disclosure Vulnerability
Reachfar GPS is a positioning module from Reachfar. A security vulnerability exists in Reachfar GPS version v28, which stems from the presence of an information disclosure vulnerability that could allow a remote attacker to retrieve sensitive information...
PT-2023-32138 · Unknown · Shenzhen Reachfar
Name of the Vulnerable Software and Affected Versions: Shenzhen Reachfar version v28 Description: The issue allows a remote attacker to retrieve all the week's logs stored in the 'log2' directory, potentially exposing sensitive information such as remembered wifi networks, sent messages, SOS devi...
CVE-2023-4676
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yordam MedasPro allows Reflected XSS. This issue affects MedasPro: before 28...