13 matches found
CVE-2026-48788
CVE-2026-48788 affects Remark42 (versions 1.6.0–1.15.0). The known issue is a content-type spoofing-based XSS in the image proxy: during download the proxy checks Content-Type headers to decide if a resource is an image, but the serving phase sniffing can differ, leading to a mismatch that lets H...
PT-2026-37184
Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.4.6 Saltcorn versions prior to 1.5.6 Saltcorn versions prior to 1.6.0-beta.5 Description Saltcorn fails to properly validate the dest parameter during the post-login process. The is relative url function only block...
CVE-2025-66518 Apache Kyuubi: Unauthorized directory access due to missing path normalization
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...
Fortinet FortiPAM 安全漏洞
Fortinet FortiPAM is a platform for privilege access control from Fortinet. A security vulnerability exists in Fortinet FortiPAM that stems from the explicit storage of sensitive information in memory, which could lead to credential disclosure. The following versions are affected: version 1.6.0 a...
PT-2025-44202
Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...
EUVD-2025-30749
Malicious code in bioql PyPI...
PT-2024-36162 · Iqonic Design · Wpbookit
Name of the Vulnerable Software and Affected Versions: Iqonic Design WPBookit versions 1.6.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
PT-2024-25357 · Unknown · Wpomnia Kb Support
Name of the Vulnerable Software and Affected Versions: WPOmnia KB Support versions 1.6.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in WPOmnia KB Support. Recommendations: For versions 1.6.0 and earlier, update to a version that includes the fix for thi...
at.bestsolution:at.bestsolution.maven.publisher (>=1.0.0 <=1.1.1), at.newmedialab.ldpath:ldpath-functions-html (=0.9.13) +2717 more potentially affected by CVE-2015-6748 via org.jsoup:jsoup (>=1.6.0 <=1.8.2)
org.jsoup:jsoup MAVEN version =1.6.0, =1.0.0, =0.3.1, =0.1.0, =1.0, =1.0, =1.16.0, =2.2.0 and more Source cves: CVE-2015-6748 Source advisory: OSV:GHSA-48RH-QGJR-XFJ6...
PT-2019-7879 · Onelogin +2 · Onelogin Ruby-Saml +2
Name of the Vulnerable Software and Affected Versions: OneLogin Ruby-SAML versions 1.6.0 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due t...
Pivotal Cloud Foundry Elastic Runtime Information Disclosure Vulnerability (CNVD-2018-19741)
Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Elastic Runtime is a runtime environment for Pivotal Cloud Foundry. Elastic Runtime is a...
QEMU Denial of Service Vulnerability (CNVD-2016-01943)
QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in QEMU versions 1.6.0 through 2.3.1. When a program maps addresses to MemoryRegionSection using 'addressspacetranslate', an attacker ca...
catsup (>=0.3.8 <=0.3.11), coil (=1.2.1) +9 more potentially affected by CVE-2015-8557 via pygments (>=1.6.0 <=2.0.2)
pygments PYPI version =1.6.0, =0.3.8, =0.0.1, =1.9.5, =3.0.0, =2.3.1, =3.2.0, =1.0.0, =1.0.0, =3.0.1 Source cves: CVE-2015-8557 Source advisory: OSV:PYSEC-2016-32...