16 matches found
@alexaegis/svelte-config (>=0.5.7 <=0.14.1), @good-energy/elements (=0.0.1) +23 more potentially affected by CVE-2026-27118 via @sveltejs/adapter-vercel (>=1.0.0-next.31 <=5.10.3)
@sveltejs/adapter-vercel NPM version =1.0.0-next.31, =0.5.7, =0.0.32, =1.0.3, =1.0.0, =1.0.4, =0.12.3, =1.0.0, =0.0.1-beta.153, =1.0.0-next.1, =1.0.0-next.0, =2.1.1, =2.4.44 and more Source cves: CVE-2026-27118 Source advisory: OSV:GHSA-9PQ4-5HCF-288C...
CVE-2025-62042
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post. This issue affects Event post: from n/a through = 5.10.3...
EUVD-2025-35379
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post. This issue affects Event post: from n/a through = 5.10.3...
CVE-2025-62042
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post. This issue affects Event post: from n/a through = 5.10.3...
CVE-2025-25298
Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can create an account...
Weak Encoding for Password
Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Weak Encoding for Password in to the implementation of password hashing. An attacker can reduce the effective entropy of user passwords and potentially mislead users about the required password length by...
CVE-2025-25298 Missing Maximum Password Length Validation in Strapi Password Hashing
Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can create an account...
Strapi security vulnerability
Strapi is an open source content management system (CMS) from the French strapi community. A security vulnerability exists in Strapi versions prior to 5.10.3 that stems from not enforcing the maximum password length for bcryptjs password hashes, which could result in passwords being silently...
EUVD-2022-27931
Malicious code in bioql PyPI...
PT-2025-7534 · Ping Identity · Pingam Java Policy Agent
Name of the Vulnerable Software and Affected Versions: PingAM Java Policy Agent versions through 5.10.3 PingAM Java Policy Agent versions through 2023.11.1 PingAM Java Policy Agent versions through 2024.9 Description: The issue is a Relative Path Traversal vulnerability in Ping Identity PingAM Ja...
WordPress plugin Element Pack Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2023-28779 · Zpe Systems · Nodegrid Os
Name of the Vulnerable Software and Affected Versions: ZPE Systems, Inc Nodegrid OS versions 5.0.0 through 5.0.17 ZPE Systems, Inc Nodegrid OS versions 5.2.0 through 5.2.19 ZPE Systems, Inc Nodegrid OS versions 5.4.0 through 5.4.16 ZPE Systems, Inc Nodegrid OS versions 5.6.0 through 5.6.13 ZPE...
CVE-2022-22788
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before...
CVE-2022-22782
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local...
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28829
TIBCO Administrator CSV injection vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28829 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1...
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28827
TIBCO Administrator Stored Cross Site Scripting vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28827 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0...