14 matches found

RedhatCVE · added last week

CVE-2026-39349

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

CVSS 2.7 · AI score 5.5 · EPSS 0.00016
Exploits: 0 · References: 1
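The pattern-disclosure point in the entry above, shown in Go as an added example (this is not OrangeHRM's code and is not based on its implementation): four records that carry the same 16-byte field value are encrypted once with AES-ECB and once with AES-GCM under a fresh random nonce. The key, the sample field value and the 16-byte block alignment are constructed for the demo. ECB produces three repeated ciphertext blocks, so equal stored values are visibly equal on disk without any decryption; GCM produces none.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed 16-byte AES key for the demo; a real deployment derives it from a secret.
var demoKey = []byte("0123456789abcdef")

// ecbEncrypt applies the raw block cipher to each 16-byte block independently.
// This is the construction the advisory describes: no IV, no chaining, so equal
// plaintext blocks always give equal ciphertext blocks. Do not use it for data.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// gcmEncrypt is the usual replacement: AES-GCM with a fresh random nonce per
// message. The returned slice is nonce || ciphertext || tag.
func gcmEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// repeatedBlocks counts ciphertext blocks that exactly repeat an earlier block.
// Any count above zero is the "pattern disclosure" the advisory refers to.
func repeatedBlocks(ct []byte, bs int) int {
	seen := make(map[string]bool)
	n := 0
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			n++
		}
		seen[k] = true
	}
	return n
}

// patternLeak encrypts the same record under both modes and returns the number
// of repeated ciphertext blocks for ECB and for GCM respectively.
func patternLeak() (int, int, error) {
	// Constructed sample: four records that all carry the same 16-byte field value.
	record := bytes.Repeat([]byte("salary=120000.00"), 4)

	ecb, err := ecbEncrypt(demoKey, record)
	if err != nil {
		return 0, 0, err
	}
	gcm, err := gcmEncrypt(demoKey, record)
	if err != nil {
		return 0, 0, err
	}
	// Skip the 12-byte nonce prefix and the 16-byte tag suffix; compare the body only.
	body := gcm[12 : 12+len(record)]
	return repeatedBlocks(ecb, aes.BlockSize), repeatedBlocks(body, aes.BlockSize), nil
}

func main() {
	e, g, err := patternLeak()
	if err != nil {
		panic(err)
	}
	fmt.Printf("ECB repeated blocks: %d, GCM repeated blocks: %d\n", e, g)
}
```

The GCM count is deterministic as well, not merely probabilistic: identical plaintext blocks are XORed with AES outputs of distinct counter values, and a block cipher is a permutation, so those keystream blocks can never collide. Changing the mode only protects rows written after the fix; ciphertext already at rest keeps the pattern until it is re-encrypted.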
CVE · added 2026/04/07 6:19 p.m.

CVE-2026-39346

OrangeHRM Open Source versions 5.0–5.8 are affected by an Improper Access Control via URL-encoded paths that lets authenticated users access modules disabled by an administrator. Root cause: bypass of disabled-module access controls. Impact: exposure of module functionality with LOW impact to con...

CVSS 6.5 · AI score 5.9 · EPSS 0.00036
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB · added 2026/04/07 6:17 p.m.

CVE-2026-39345

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS 4.6 · AI score 6 · EPSS 0.00056
Exploits: 0 · References: 2 · Affected Software: 1
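A base-directory confinement check of the kind the entry above says was missing, as an added example in Go (not OrangeHRM's code; the plugins path and the template names are constructed for the demo): the caller-influenced template name is joined to the base directory, cleaned, and rejected unless the result is still inside the base. It assumes the name arrives already percent-decoded, so encoded forms such as `%2e%2e` are checked in their decoded shape.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errEscapesBase = errors.New("template path escapes the plugins directory")

// resolveTemplate maps a caller-influenced template name onto baseDir and only
// returns a path that is still inside baseDir after "." and ".." are cleaned.
func resolveTemplate(baseDir, name string) (string, error) {
	// An empty name or an absolute name never refers to a template under baseDir.
	if name == "" || filepath.IsAbs(name) {
		return "", errEscapesBase
	}
	base := filepath.Clean(baseDir)
	candidate := filepath.Join(base, name) // Join cleans the joined path
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	// rel is "." for baseDir itself and starts with ".." for anything above it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesBase
	}
	return candidate, nil
}

// resolveAll runs a list of names through the check and reports which were
// accepted; useful for seeing traversal payloads side by side with valid names.
func resolveAll(baseDir string, names []string) map[string]bool {
	out := make(map[string]bool, len(names))
	for _, n := range names {
		_, err := resolveTemplate(baseDir, n)
		out[n] = err == nil
	}
	return out
}

func main() {
	base := "/srv/orangehrm/plugins/templates" // assumed layout, not the real path
	for name, ok := range resolveAll(base, []string{
		"core/emails/welcome.html",
		"core/../../../etc/passwd",
		"/etc/passwd",
		"..",
	}) {
		fmt.Printf("%-32q allowed=%v\n", name, ok)
	}
}
```

`filepath.Rel` on the cleaned path catches `..` segments however they are interleaved with real directory names, and the absolute-path rejection stops a leading `/`. The check does not follow symlinks: if the plugins tree can contain links pointing outside it, resolve the candidate with `filepath.EvalSymlinks` and apply the same `Rel` check to that result before opening the file.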
CNNVD · added 2026/02/09 12:00 a.m.

Craft CMS code issue vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Code vulnerabilities exist in Craft CMS versions 4.0.0-RC1 to 4.16.17 and 5.0.0-RC1 to 5.8.21. These vulnerabilities stem from the IP address validation function's inability to recognize alternate...

CVSS 6.9 · AI score 5.9 · EPSS 0.0002
Exploits: 1 · References: 3
EUVD · added 2026/01/05 10:03 p.m.

EUVD-2026-0825

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

CVSS 8.3 · AI score 6.2 · EPSS 0.00214
Exploits: 1 · References: 4
CVE · added 2026/01/05 9:52 p.m.

CVE-2025-68437

CVE-2025-68437 affects Craft CMS via SSRF in the GraphQL mutation save__Asset, caused by insufficient validation of the _file.url parameter. Affected versions are 5.0.0-RC1–5.8.20 and 4.0.0-RC1–4.16.16. An attacker with asset-management permissions can supply a URL pointing to internal IPs or c...

CVSS 6.8 · AI score 6.8 · EPSS 0.00016
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD · added 2025/11/21 12:00 a.m.

wolfSSL security vulnerability

wolfSSL (formerly CyaSSL) is a small, portable embedded SSL/TLS library from wolfSSL, Inc. (United States) for embedded systems developers. A security vulnerability exists in wolfSSL versions 5.8.2 and earlier, which stems from improper validation of the TLS 1.3 CertificateVerify...

CVSS 2.7 · AI score 6.3 · EPSS 0.00018
Exploits: 0 · References: 4
Patchstack · added 2025/10/13 10:57 a.m.

WordPress WP Scraper plugin <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by Valatty in WordPress plugin TwentyFourth WP Scraper versions <= 5.8.1...

CVSS 6.8 · AI score 6.8 · EPSS 0.00036
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack · added 2024/05/17 10:01 a.m.

WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress plugin Tagembed versions <= 5.8...

CVSS 5.4 · AI score 7 · EPSS 0.00145
Exploits: 0 · Affected Software: 1
CNNVD · added 2023/07/25 12:00 a.m.

Vocera Report Server path traversal vulnerability

Vocera Report Server is a reporting application from Vocera (USA). It collects data from the logs created by Vocera system software and builds reports from them. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8, which stems from the Vocera Report Consol...

CVSS 9.8 · AI score 7.2 · EPSS 0.0013
Exploits: 0 · References: 4
Positive Technologies · added 2022/11/14 12:00 a.m.

PT-2022-35206 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.8 through v5.15.76. Description: The issue is related to CMDQ memory leaks in the hinic net module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v5.8...

AI score 7.2
Exploits: 0 · References: 1
OSV · added 2018/02/05 4:29 a.m.

CVE-2018-5787

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a remote, unauthenticated stack overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets...

CVSS 7.5 · AI score 5.8 · EPSS 0.01524
Exploits: 0 · References: 1
Positive Technologies · added 2012/04/04 12:00 a.m.

PT-2012-1158 · OpenSSH (+4)

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 5.8 and earlier. Description: The issue allows remote authenticated users to cause a denial of service (memory consumption) when gssapi-with-mic authentication is enabled. This is due to the ssh gssapi parse ename...

CVSS 10 · AI score 7.9 · EPSS 0.90356
Exploits: 207 · References: 346
Positive Technologies · added 2009/07/29 12:00 a.m.

PT-2009-4378 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 8. Description: A remote code execution issue exists due to improper handling of table operations, allowing attackers to execute arbitrary code via a crafted HTML document that triggers...

CVSS 10 · AI score 7.6 · EPSS 0.60163
Exploits: 1 · References: 12