10 matches found
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS. The tsdblookup function in the...
CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...
PT-2026-2484
Name of the Vulnerable Software and Affected Versions: FortiSIEM version 7.4.0; FortiSIEM versions 7.3.0 through 7.3.4; FortiSIEM versions 7.1.0 through 7.1.8; FortiSIEM versions 7.0.0 through 7.0.4; FortiSIEM versions 6.7.0 through 6.7.10. Description: An OS command injection issue exists in the...
CVE-2025-24537
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through = 6.7.0...
PT-2024-21158 · Unknown · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel Import simpleimportproduct versions = 6.7.0 Description: A guest can upload files with extensions .php, potentially allowing malicious code execution. Recommendations: For versions = 6.7.0, restrict access to the fi...
PT-2023-27183 · Joomla · Acymailing Enterprise
Name of the Vulnerable Software and Affected Versions: AcyMailing Enterprise component for Joomla versions 6.7.0 through 8.6.3. Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables potential attackers to...
Serenity Serene Cross-Site Scripting Vulnerability
Serenity Serene is an open source ASP.NET Core / TypeScript application platform. A security vulnerability exists in Serenity Serene StartSharp versions prior to 6.7.0, which stems from the fact that when a user uploads a temporary file, certain specific file extensions are not...
cn.hippo4j:hippo4j-monitor-elasticsearch (>=1.4.1 <=1.5.0), cn.hippo4j:hippo4j-monitor-es (>=1.4.0 <=1.4.0-alpha) +186 more potentially affected by CVE-2019-7619 via org.elasticsearch:elasticsearch (>=6.7.0 <=6.8.3)
org.elasticsearch:elasticsearch MAVEN version =6.7.0, =1.4.1, =1.4.0, =6.8.13, =6.7.2, =0.9.0.0, =0.9.0.0, =0.9.0.0, =6.7.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =6.7.0-33.3, =6.8.3-34.5 and more. Source cves: CVE-2019-7619. Source advisory: OSV:GHSA-HXP8-R9G3-GRFR https://vulners.co...
CVE-2019-7619
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...
Design/Logic Flaw
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...