26 matches found
Astra Linux - vulnerability in openssh
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...
CVE-2025-14510
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...
CVE-2025-54971
The CVE-2025-54971 entry applies to Fortinet FortiADC: versions 6.2 and 7.0–7.2, and 7.4.0. The issue stems from information exposure that allows an admin with read-only privileges to obtain external resources passwords via the product logs, constituting a sensitive data disclosure vulnerability....
EUVD-2018-11408
Malware in sbrugna...
CVE-2025-39491
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision...
WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin WHMpress versions <= 6.2-revision-9...
WordPress Plugin MoveTo Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Fortinet FortiClientEms Information Disclosure Vulnerability
Fortinet FortiClientEms is a centralized management system from Fortinet, Inc. A security vulnerability exists in Fortinet FortiClientEms that originates from an environment variable information leak in the login page. Affected products and versions: FortiClientEMS versions 7.0.6 through...
CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...
Fortinet FortiWeb Path Traversal Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists in...
SUSE CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...
Redis Input Validation Error Vulnerability
Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value storage database from Redis Labs, Inc. that provides APIs in multiple languages. An input validation error vulnerability exists in Redis versions 7.0.x prior to 7.0.8 and 6.2.x prior...
CVE-2022-22360
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in granting permission to unauthorized resources...
CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
PT-2020-19939 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 6.2.0 through 6.2.38 ELTS; TYPO3 versions 7.0.0 through 7.1.0. Description: The issue allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This is due to a vulnerable...
Cross site scripting
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-2505
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7...
Cross site scripting
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7...
Server side request forgery (ssrf)
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...