Aggregator

Pimcore customer-data-framework 4.2.0 - SQL injection

Pimcore 11.4.2 - Stored cross site scripting

OpenPanel 0.3.4 - Directory Traversal

OpenPanel 0.3.4 - Incorrect Access Control

OpenPanel 0.3.4 - OS Command Injection

OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal

SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)

GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)

GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)

GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)

GestioIP 3.5.7 - Cross-Site Scripting (XSS)

GestioIP 3.5.7 - Remote Command Execution (RCE)

A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt.

保障生产业务安全、稳定、高效运行。

规范自动化决策算法

规范自动化决策算法

A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of the argument del leads to sql injection. This vulnerability was named CVE-2025-3571. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Google Android and classified as critical. Affected by this issue is some unknown functionality of the component Qualcomm Camera Driver. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-0521. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Google Android. It has been classified as problematic. This affects an unknown part of the component Qualcomm Video Driver. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2016-8478. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in MIT Kerberos 5-1.7/5-1.7.1/5-1.8/5-1.8.1 and classified as problematic. Affected by this issue is some unknown functionality of the file do_tgs_req.c of the component Key Distribution Center. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2010-1320. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.