
14 matches found

CVE · added 2025/11/10 10:5 p.m. · 49 views

CVE-2025-64513

CVE-2025-64513 describes a critical authentication bypass in the Milvus Proxy component of Milvus. An unauthenticated attacker can bypass all authentication, gaining full administrative access to the Milvus cluster, with read/modify/delete of data and privileged operations such as database or col...

CVSS 9.3 · AI score 6.7 · EPSS 0.01032
Exploits 0 · References 4

Positive Technologies · added 2025/11/10 12:0 a.m. · 5 views

PT-2025-46212

Name of the Vulnerable Software and Affected Versions: Milvus versions prior to 2.4.24; Milvus versions 2.5.0 through 2.5.20; Milvus versions 2.6.0 through 2.6.4. Description: An unauthenticated attacker can bypass authentication mechanisms in the Milvus Proxy component, gaining full administrative...

CVSS 9.3 · AI score 6.8 · EPSS 0.01032
Exploits 0 · References 32

Positive Technologies · added 2025/03/17 12:0 a.m. · 3 views

PT-2025-11603 · IBM · IBM QRadar Advisor

Name of the Vulnerable Software and Affected Versions: IBM QRadar Advisor versions 1.0.0 through 2.6.5 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a...

CVSS 4.1 · AI score 6.6 · EPSS 0.00272
Exploits 0 · References 6

Positive Technologies · added 2025/02/24 12:0 a.m. · 2 views

PT-2025-7766 · Unknown · Namaste! LMS

Name of the Vulnerable Software and Affected Versions: Namaste! LMS versions 2.6.5 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. Recommendations: For versions 2.6.5 and earlier, update to a version that contains...

CVSS 4.3 · AI score 9.5 · EPSS 0.00145
Exploits 0 · References 5

Positive Technologies · added 2024/10/06 12:0 a.m. · 10 views

PT-2024-30912 · WordPress · Kevon Adonis WP Abstracts

Name of the Vulnerable Software and Affected Versions: Kevon Adonis WP Abstracts versions 2.6.5 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacke...

CVSS 5.9 · AI score 6.5 · EPSS 0.00287
Exploits 0 · References 7

CNNVD · added 2024/09/25 12:0 a.m. · 4 views

WordPress plugin HT Mega security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.5 · EPSS 0.00303
Exploits 0 · References 3

OSV · added 2023/08/11 1:55 p.m. · 19 views

CVE-2023-39949 Improper validation of sequence numbers leading to remotely reachable assertion failure

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...

CVSS 7.5 · AI score 7.3 · EPSS 0.00893
Exploits 0 · References 6

SUSE CVE · added 2023/02/15 5:12 a.m. · 2 views

SUSE CVE-2015-8365

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly...

CVSS 6.8 · AI score 9.3 · EPSS 0.02078
Exploits 0 · References 3

CNNVD · added 2022/10/13 12:0 a.m. · 18 views

Apache Kylin operating system command injection vulnerability

Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation of the United States. The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. Kylin suffers from an operating system command...

CVSS 9.8 · AI score 8.6 · EPSS 0.84777
Exploits 0 · References 3

CNNVD · added 2022/09/23 12:0 a.m. · 4 views

WordPress plugin Kraken.io Image Optimizer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 · AI score 6.8 · EPSS 0.00285
Exploits 0 · References 3

NVD · added 2021/10/19 6:15 p.m. · 16 views

CVE-2021-32663

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later...

CVSS 8.7 · EPSS 0.01414
Exploits 0 · References 3

Prion · added 2021/10/19 6:15 p.m. · 15 views

Design/Logic Flaw

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later...

CVSS 5 · AI score 7.5 · EPSS 0.01414
Exploits 0 · References 3 · Affected Software 1

Cvelist · added 2021/10/19 5:45 p.m. · 20 views

CVE-2021-32664 Reflected XSS in Combodo/iTop

Combodo iTop is an open source web-based IT Service Management tool. In affected versions there is an XSS vulnerability on the "run query" page when logged in as administrator. This has been resolved in versions 2.6.5 and 2.7.5...

CVSS 8.1 · AI score 7.9 · EPSS 0.00808
Exploits 0 · References 4

UbuntuCve · added 2018/11/29 4:29 a.m. · 28 views

CVE-2018-19622

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows...

CVSS 7.5 · AI score 6.8 · EPSS 0.03241
Exploits 1 · References 4