261 artykułów
A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control o...
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute ...
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such man...
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a m...
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manip...
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Hand...
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manip...
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ...
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` fu...
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler....
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a ma...
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu...
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula...
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution....
Atakujący mogą wykorzystać dane uzyskane poprzez sniffing ruchu sieciowego do sfałszowania pakietów w celu wykonania arbitralnych żądań do Contemporary Controls BASC 20T....
When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanis...
Zidentyfikowano dwie podatności wysokiej ważności w Palo Alto Networks Cortex XSOAR, Cortex XSIAM oraz ADEM. CVE-2026-0233 i CVE-2026-0234 umożliwiają nieuwierzytelnionemu atakującemu obejście mechanizmów bezpieczeństwa i zdalne wykonanie dowolnego kodu.
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints tha...
V2Board 1.6.1 do 1.7.4 i Xboard do 0.1.9 ujawniają tokeny uwierzytelniania w treści odpowiedzi HTTP endpointu loginWithMailLink, gdy funkcja login_with_mail_link_enable jest aktywna. Nieuwierzytelnien...
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed dire...
Zidentyfikowano podatność eskalacji uprawnień w urządzeniach SonicWall Secure Mobile Access (SMA) 1000. CVE-2026-4112 umożliwia zdalnemu atakującemu uzyskanie podwyższonych uprawnień, co może prowadzić do kompromitacji systemu i nieautoryzowanego dostępu do zasobów sieciowych.
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the ...
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th...
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the arg...
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI ...
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a...
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation...
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipu...
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulati...
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul...
QD 20230821 jest podatny na Server-side request forgery (SSRF) poprzez spreparowane żądanie...
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution....
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acces...
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script....
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includi...
Podatność Server-Side Request Forgery (SSRF) istnieje w funkcjonalności Print Format aplikacji ERPNext v16.0.1 i Frappe Framework v16.1.1, gdzie dostarczone przez użytkownika HTML nie jest wystarczają...
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to...
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, a...
The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic...
Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplyi...
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerabilit...
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all v...
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can...
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer over...
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer ...
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows atta...
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through th...
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input...
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit ...
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en...
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl...
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can u...
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the a...
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to ad...
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system comm...
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthentica...
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash th...
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to...
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests....
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers ...
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbit...
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the lates...
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call....
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network....
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can...
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network....
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication....
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network....
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network....
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network....
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to...
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote ...
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution....
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This c...
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the seri...
TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payloa...
There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP ...
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request....
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write acces...
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the sys...
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication....
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SS...
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP...
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload....
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not ...
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-He...
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys....
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability c...
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag...
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a singl...
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without pro...
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides ...
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code...
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administra...
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privil...
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The ...
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious c...
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_fi...
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is d...
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP lead...
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The applic...
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE....
A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam...
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrai...
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX ...
OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times be...
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. ...
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always ...
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect us...
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of ...
In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by th...
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user...
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter....
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter....
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentia...
The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ...
plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling....
Problem z obsługą ścieżki został rozwiązany dzięki ulepszeniu walidacji. Błąd naprawiono w iOS 26.4 i iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. Aplikacja...
Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1....
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a throug...
pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to i...
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. T...
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <...
Podatność polegająca na ominięciu uwierzytelniania przy użyciu alternatywnej ścieżki lub kanału w NooTheme Jobica Core jobica-core umożliwia nadużycie uwierzytelniania. Dotyczy Jobica Core: od n/a do ...
Podatność deserializacji niezaufanych danych w ThemeREX Buisson (buisson) umożliwia wstrzyknięcie obiektu (Object Injection). Problem dotyczy Buisson w wersjach od n/a do <= 1.1.11....
Problem podczas parsowania ścieżek katalogów został rozwiązany dzięki ulepszonej walidacji ścieżek. Problem został naprawiony w macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Aplikacja m...
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memor...
Nieprawidłowa neutralizacja elementów specjalnych używanych w poleceniu SQL (podatność SQL Injection) we wtyczce Devteam HaywoodTech Product Rearrange for WooCommerce umożliwia atak Blind SQL Injection...
Nieprawidłowa neutralizacja elementów specjalnych używanych w poleceniu SQL (podatność 'SQL Injection') w chatbocie QuantumCloud ChatBot umożliwia atak Blind SQL Injection. Podatność dotyczy ChatBot: ...
Podatność nieprawidłowego przypisania uprawnień w Bit Apps Bit SMTP (bit-smtp) umożliwia eskalację uprawnień. Problem dotyczy Bit SMTP w wersjach od n/a do <= 1.2.2....
Podatność niekontrolowanego przesyłania pliku niebezpiecznego typu w denishua WPJAM Basic wpjam-basic umożliwia wykorzystanie złośliwych plików. Dotyczy WPJAM Basic w wersjach od n/a do <= 6.9.2....
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6....
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a thro...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects Publ...
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through ...
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication....
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_c...
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accept...
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....
Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....
Błędy bezpieczeństwa pamięci obecne w Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 i Thunderbird 148. Niektóre z tych błędów wykazały oznaki uszkodzenia pamięci i przypuszczamy, że przy wysta...
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149....
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149....
Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0....
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72....
CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11....
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise ...
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffe...
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functio...
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Servi...
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security:...
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network....
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. The issue exists in /website_code/php/import/import...
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability a...
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' functi...
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management ...
Krytyczna podatność Path Traversal w Ubiquiti UniFi Network Application (CVSS 10.0) pozwala nieuwierzytelnionemu atakującemu na dostęp do plików systemu operacyjnego i przejęcie konta. Dotyczy urządzeń Dream Machine i wszystkich instalacji UniFi Network Application <= 10.1.85.
Podatność NoSQL Injection w Ubiquiti UniFi Network Application (CVSS 7.7) umożliwia uwierzytelnionemu atakującemu eskalację uprawnień. W połączeniu z CVE-2026-22557 (CVSS 10.0) tworzy łańcuch ataku prowadzący do pełnej kompromitacji systemu.
Podatność CVE-2026-23554 w Citrix XenServer 8.4 i wcześniejszych umożliwia uprzywilejowanemu użytkownikowi maszyny wirtualnej dostęp do fragmentów pamięci hosta, co może prowadzić do eskalacji uprawnień, wycieku informacji lub zakłócenia dostępności systemu.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects Build...
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1....
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: ...
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Ca...
Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a th...
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an e...
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network....
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When tha...
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome an...
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a...
Ivanti Endpoint Manager (EPM) zawiera authentication bypass using an alternate path or channel vulnerability that could allow zdalny nieuwierzytelniony atakujący to leak specific stored credential dat...
Multiple Qualcomm chipsets zawierają podatność uszkodzenia pamięci while using alignments for memory allocation. ...
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, prowadząc do approval-free execut...
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, zawierają podatność umożliwiającą ominięcie uwierzytelniania could allow nieuwierz...
Soliton Systems K.K FileZen zawiera podatność umożliwiającą wstrzykiwanie poleceń systemu operacyjnego (OS Command Injection) when an user logs-in to the affected product and sends a specially crafted...
Statmatic is a Laravel and Git powered content management system (CMS). przed wersją versions 6.3.3 and 5.73.10, atakujący may leverage a vulnerability in the password reset feature to capture a user'...
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1....
Dell RecoverPoint for Virtual Machines (RP4VMs) zawiera use of hard-coded credentials vulnerability that could allow nieuwierzytelniony zdalny atakujący to uzyskanie nieautoryzowanego dostępu to the u...
Google Chromium CSS zawiera podatność użycia po zwolnieniu pamięci (use-after-free) która może pozwolić zdalnemu atakującemu na potentially exploit heap corruption za pomocą spreparowanego HTML page. ...
Produkty BeyondTrust Remote Support (RS) i Privileged Remote Access (PRA) zawierają podatność umożliwiającą wstrzykiwanie poleceń systemu operacyjnego. Udana eksploatacja może pozwolić nieuwierzytelnionemu zdalnemu atakującemu na...
Apple iOS, macOS, tvOS, watchOS i visionOS zawierają podatność nieprawidłowego ograniczenia operacji w granicach bufora pamięci, która może pozwolić atakującemu z możliwością zapisu do pamięci na...
Powłoka Microsoft Windows (Windows Shell) zawiera podatność w mechanizmie ochrony, która może pozwolić nieautoryzowanemu atakującemu na obejście zabezpieczeń przez sieć.
Microsoft Internet Explorer zawiera podatność w mechanizmie ochrony, która może pozwolić nieautoryzowanemu atakującemu na obejście funkcji zabezpieczeń przez sieć.
Microsoft Office Word zawiera podatność polegającą na poleganiu na niezaufanych danych wejściowych przy podejmowaniu decyzji dotyczących bezpieczeństwa, co może pozwolić autoryzowanemu atakującemu na eskalację uprawnień lokalnie.
Microsoft Desktop Windows Manager zawiera podatność typu pomylenie typów (type confusion), która może pozwolić autoryzowanemu atakującemu na eskalację uprawnień lokalnie.
Usługi pulpitu zdalnego Microsoft Windows (Remote Desktop Services) zawierają podatność w nieprawidłowym zarządzaniu uprawnieniami, która może pozwolić autoryzowanemu atakującemu na eskalację uprawnień lokalnie.
SmarterTools SmarterMail zawiera podatność braku uwierzytelniania dla krytycznej funkcji w metodzie API ConnectToHub. Może to pozwolić atakującemu na przekierowanie instancji SmarterMail na złośliwy serwer HTTP...
Ivanti Endpoint Manager Mobile (EPMM) zawiera podatność wstrzykiwania kodu, która może pozwolić atakującym na nieuwierzytelnione zdalne wykonanie kodu....
Fortinet FortiAnalyzer, FortiManager, FortiOS i FortiProxy zawierają podatność ominięcia uwierzytelniania poprzez alternatywną ścieżkę lub kanał, która może pozwolić atakującemu z kontem FortiCloud...
Microsoft Office zawiera podatność umożliwiającą obejście funkcji bezpieczeństwa, w której poleganie na niezaufanych danych wejściowych przy podejmowaniu decyzji bezpieczeństwa może pozwolić na obejście...
SmarterTools SmarterMail zawiera podatność ominięcia uwierzytelniania w API resetowania hasła. Endpoint force-reset-password pozwala na anonimowe żądania i nie weryfikuje hasła ani tokenu resetowania...
GNU InetUtils zawiera podatność typu argument injection w telnetd, która może umożliwić zdalne ominięcie uwierzytelniania poprzez wartość "-f root" dla zmiennej środowiskowej USER...
A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present ...
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_...
F5 BIG-IP AMP contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution....
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution....
NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier...
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8...
Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting ...
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corrup...
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code....
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes....
Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write ...
Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios....
Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2....
Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0....
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML....
n8n zawiera improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system która umożliwia for remote code execution....
SolarWinds Web Help Desk zawierają podatność deserializacji niezaufanych danych in AjaxProxy która może pozwolić atakującemu na run commands on the host machine....
A podatność złamanej kontroli dostępu exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and wykonanie dowolnego kodu as a privileged account via ...
Alert bezpieczeństwa - CVE-2025-40539 (Solarwinds Serv-U). CVSS: 9.1 (Krytyczny). EPSS: 0%.
Alert bezpieczeństwa - CVE-2025-40540 (Solarwinds Serv-U). CVSS: 9.1 (Krytyczny). EPSS: 0%.
Alert bezpieczeństwa - CVE-2025-40541 (Solarwinds Serv-U). CVSS: 9.1 (Krytyczny). EPSS: 0%.
RoundCube Webmail zawiera podatność deserializacji niezaufanych danych, która umożliwia zdalne wykonanie kodu przez uwierzytelnionych użytkowników, ponieważ parametr _from w URL nie jest walidowany.
RoundCube Webmail zawiera podatność Cross-Site Scripting (XSS) poprzez znacznik animate w dokumencie SVG.
Alert bezpieczeństwa - CVE-2025-12107 (Wso2 Identity serwer). CVSS: 10.0 (Krytyczny). EPSS: 0%.
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads może prowadzić do remote cod...
Notepad++ przy korzystaniu z aktualizatora WinGUp zawiera podatność pobierania kodu bez weryfikacji integralności, która może pozwolić atakującemu na przechwycenie lub przekierowanie ruchu aktualizacji w celu pobrania i wykonania...
SolarWinds Web Help Desk zawiera podatność obejścia kontroli bezpieczeństwa, która może pozwolić nieuwierzytelnionemu atakującemu na uzyskanie dostępu do określonych zastrzeżonych funkcji....
Krytyczna podatność OS Command Injection w React Native Community CLI umożliwia nieuwierzytelnionym atakującym wysyłanie żądań POST do serwera Metro Development i uruchamianie dowolnych plików wykonywalnych.
Krytyczna podatność deserializacji niezaufanych danych w SolarWinds Web Help Desk umożliwia zdalne wykonanie kodu i uruchamianie poleceń na maszynie hosta bez uwierzytelnienia.
Sangoma FreePBX Endpoint Manager zawiera podatność wstrzykiwania poleceń systemu operacyjnego, która może pozwolić uwierzytelnionemu użytkownikowi na wstrzyknięcie polecenia po uwierzytelnieniu poprzez funkcję testconnection -> ch...
SmarterTools SmarterMail zawiera podatność nieograniczonego przesyłania plików niebezpiecznego typu, która może pozwolić nieuwierzytelnionemu atakującemu na przesłanie dowolnych plików do dowolnej lokalizacji na serwerze pocztowym...
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers ...
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can...
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boun...
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers ...
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malici...
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can se...
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads wi...
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows a...
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attacker...
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attacker...
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized paylo...
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will ...
Omnissa Workspace One UEM zawiera podatność server-side request forgery (SSRF), która mogłaby umożliwić złośliwemu aktorowi posiadającemu dostęp sieciowy ...
Multiple Hikvision products zawierają podatność nieprawidłowego uwierzytelniania that could allow a malicious user to escalate privileges on the system and gain access to sensitive information....
Multiple Rockwell products zawierają insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controller...
Apple tvOS, macOS, Safari, iPadOS and watchOS zawierają integer overflow or wraparound vulnerability z powodu the processing of maliciously crafted web content that może prowadzić do arbitrary code ex...
Apple iOS and iPadOS zawierają podatność użycia po zwolnieniu pamięci (use-after-free). An app may be able to wykonanie dowolnego kodu with kernel privileges....
Apple macOS, iOS, iPadOS, and Safari 16.6 zawierają podatność użycia po zwolnieniu pamięci (use-after-free) z powodu the processing of maliciously crafted web content that może prowadzić do memory cor...
Cisco SD-WAN CLI zawiera podatność traversal ścieżki that could allow an authenticated local attacker to uzyskanie podwyższonych uprawnień via improper access controls on commands within the applicati...
Microsoft Windows Video ActiveX Control zawiera podatność umożliwiającą zdalne wykonanie kodu. atakujący could exploit the vulnerability by constructing a specially crafted Web page. When a user views...
Synacor Zimbra Collaboration Suite (ZCS) zawiera server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled....
TeamT5 ThreatSonar Anti-Ransomware zawiera unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote a...
Microsoft Configuration Manager zawiera podatność wstrzykiwania SQL. Nieuwierzytelniony atakujący może wykorzystać tę podatność wysyłając specjalnie spreparowane żądania do docelowego środowiska...
Sangoma FreePBX zawiera podatność nieprawidłowego uwierzytelniania, która umożliwia nieautoryzowanym użytkownikom obejście uwierzytelniania hasłem i dostęp do usług panelu administracyjnego FreePBX.
Jądro systemu Linux zawiera podatność typu przepełnienie liczby całkowitej w funkcji create_elf_tables(), która może pozwolić nieuprzywilejowanemu lokalnemu użytkownikowi z dostępem do binarki SUID na eskalację uprawnień...