91 matches found
WordPress plugin Simple Fields security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
org.webjars.npm:built-in-math-eval (=0.3.0), org.webjars.npm:interval-arithmetic-eval (=0.4.6) potentially affected by CVE-2026-41507 via org.webjars.npm:math-codegen (=0.3.5)
org.webjars.npm:math-codegen MAVEN version =0.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:math-codegen and may be impacted: - org.webjars.npm:built-in-math-eval =0.3.0 - org.webjars.npm:interval-arithmetic-eval =0.4.6 Source cve...
CVE-2026-34240
JOSE is a JavaScript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification
JOSE is a JavaScript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
EUVD-2026-17498
JOSE is a JavaScript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification
JOSE is a JavaScript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
jose vulnerable to untrusted JWK header key acceptance during signature verification
A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even...
jose data forgery vulnerability
Jose is a JavaScript module developed by Filip Skokan for JSON object signing and encryption. Versions of JOSE prior to 0.3.5+1 contained a data manipulation vulnerability. This vulnerability arises from the possibility that key selection may treat the jwk embedded in the JOSE header as a...
PT-2026-29287
JOSE is a JavaScript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
CVE-2026-26801
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6, which introduces the setUrlAccessPolicy method allowing server operato...
pdfmake security vulnerability
pdfmake is a pure JavaScript server-side and client-side PDF document generation library developed by Bartek Pampuch. There were security vulnerabilities in the version 0.3.0-beta.2 to 0.3.5 of pdfmake, which stemmed from the src/URLResolver.js component’s server-side request forgery vulnerabilit...
CVE-2026-25869
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25869
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25868
MiniGal Nano versions 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25869
MiniGal Nano up to version 0.3.5 is affected by a path traversal vulnerability in index.php via the dir parameter. The application builds the target path by appending user input to the photos directory and attempts to block traversal by removing dot-dot sequences, but this protection can be bypas...
CVE-2026-25868
MiniGal Nano versions 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
MiniGal Nano path traversal vulnerability
MiniGal Nano is a PHP album program developed by Rybber’s individual developer. Versions of MiniGal Nano prior to 0.3.5 had a path traversal vulnerability. This vulnerability stemmed from an issue with the dir parameter in the index.php file, which allowed for path traversal attacks. This could...
200-ok-boomer (>=2.0.0 <=2.1.0), 20190403-utils (=1.0.0) +10096 more potentially affected by CVE-2025-64718 via js-yaml (>=0.3.5 <=3.14.1)
js-yaml NPM version =0.3.5, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =0.1.1, =0.1.0, =1.0.0, =0.2.39, =0.0.1, =1.0.2, =2.0.3, =2.0.7 and more Source cves: CVE-2025-64718 Source advisory: OSV:GHSA-MH29-5H37-FV8M...
EUVD-2009-0460
Malware in sbrugna...