Total
216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48654 | 1 Google | 1 Android | 2026-03-06 | N/A | 7.8 HIGH |
|
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2026-28722 | 2026-03-06 | N/A | 7.3 HIGH | ||
|
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
|
|||||
| CVE-2026-28721 | 2026-03-06 | N/A | 7.3 HIGH | ||
|
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
|
|||||
| CVE-2023-44209 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2026-03-06 | N/A | 7.8 HIGH |
|
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29051, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
|
|||||
| CVE-2026-3404 | 2026-03-02 | 4.6 MEDIUM | 5.0 MEDIUM | ||
|
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any ...
Show More |
|||||
| CVE-2026-2536 | 2026-02-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-2074 | 1 Zoneland | 1 O2oa | 2026-02-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-1218 | 2026-01-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11341 | 1 Jinher | 1 Jinher Oa | 2026-01-16 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2022-23439 | 1 Fortinet | 14 Fortiadc, Fortiauthenticator, Fortiddos and 11 more | 2026-01-14 | N/A | 4.7 MEDIUM |
|
A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
|
|||||
| CVE-2024-6717 | 1 Hashicorp | 1 Nomad | 2026-01-02 | N/A | 7.7 HIGH |
|
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
|
|||||
| CVE-2025-68478 | 1 Langflow | 1 Langflow | 2026-01-02 | N/A | 7.1 HIGH |
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.
|
|||||
| CVE-2025-15251 | 2025-12-31 | 5.1 MEDIUM | 5.6 MEDIUM | ||
|
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue repor ...
Show More |
|||||
| CVE-2024-7625 | 1 Hashicorp | 1 Nomad | 2025-12-29 | N/A | 5.8 MEDIUM |
|
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.
|
|||||
| CVE-2025-48598 | 1 Google | 1 Android | 2025-12-08 | N/A | 6.6 MEDIUM |
|
In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-12381 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-11-25 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.
|
|||||
| CVE-2025-13209 | 2025-11-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2023-40194 | 1 Foxitsoftware | 1 Foxit Reader | 2025-11-04 | N/A | 8.8 HIGH |
|
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is e ...
Show More |
|||||
| CVE-2023-39542 | 1 Foxitsoftware | 1 Foxit Reader | 2025-11-04 | N/A | 8.8 HIGH |
|
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
|
|||||
| CVE-2023-35985 | 1 Foxitsoftware | 1 Foxit Reader | 2025-11-04 | N/A | 8.8 HIGH |
|
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin ...
Show More |
|||||
| CVE-2023-49864 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_image` parameter.
|
|||||
| CVE-2023-49863 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_webpimage` parameter.
|
|||||
| CVE-2023-49862 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter.
|
|||||
| CVE-2025-0111 | 1 Paloaltonetworks | 1 Pan-os | 2025-11-04 | N/A | 6.5 MEDIUM |
|
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community ...
Show More |
|||||
| CVE-2024-10979 | 1 Postgresql | 1 Postgresql | 2025-11-03 | N/A | 8.8 HIGH |
|
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
|
|||||
| CVE-2022-27593 | 1 Qnap | 2 Photo Station, Qts | 2025-11-03 | N/A | 10.0 CRITICAL |
|
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
|
|||||
| CVE-2025-9065 | 1 Rockwellautomation | 1 Thinmanager | 2025-10-20 | N/A | 8.8 HIGH |
|
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
|
|||||
| CVE-2022-20239 | 1 Google | 1 Android | 2025-10-20 | N/A | 9.8 CRITICAL |
|
remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091
|
|||||
| CVE-2025-3241 | 1 Zhangyanbo2007 | 1 Youkefu | 2025-10-10 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-10091 | 1 Jinher | 1 Jinher Oa | 2025-10-09 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-10092 | 1 Jinher | 1 Jinher Oa | 2025-10-09 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-11035 | 1 Jinher | 1 Jinher Oa | 2025-10-08 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-11140 | 1 Zhiyou-group | 1 Zhiyou Erp | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10816 | 1 Jinher | 1 Jinher Oa | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-8057 | 2025-09-17 | N/A | 6.5 MEDIUM | ||
|
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.This issue affects HumanSuite: before 53.21.0.
|
|||||
| CVE-2024-49722 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
|
In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-49728 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
|
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-0082 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
|
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2025-26417 | 1 Google | 1 Android | 2025-09-02 | N/A | 4.0 MEDIUM |
|
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-48963 | 2025-08-29 | N/A | 7.3 HIGH | ||
|
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.
|
|||||