59 matches found
CVE-2026-22743
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
GHSA-44F4-GVWJ-6QG3 Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...
VMware Spring AI Security Vulnerability
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities within the Spring ecosystem. Versions prior to 1.0.5 and 1.1.4 of VMware Spring AI contained security vulnerabilities. These vulnerabilities...
CVE-2026-2348
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS). This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...
CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS). This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...
Drupal Quick Edit Security Vulnerability
Drupal Quick Edit is a content management system module provided by the Drupal company that enables quick editing and immediate modification of page content. Versions of Drupal Quick Edit prior to 1.0.5 and 2.0.1 contained security vulnerabilities, which were due to improper input handling and...
PT-2026-1639
Name of the Vulnerable Software and Affected Versions: My Album Gallery plugin for WordPress versions prior to 1.0.5. Description: The My Album Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting through image titles. This occurs because of inadequate input sanitization and...
EUVD-2017-9633
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without...
CVE-2025-48448
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5...
CVE-2023-1136
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...
CVE-2023-1143
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-1144
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation...
CVE-2015-9312
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element...
Drupal Admin Audit Trail module < 1.0.5 - Unauthenticated Denial of Service Attack vulnerability
Unauthenticated Denial of Service Attack vulnerability discovered by Scott Phillips scottatdrake in WordPress Module Admin Audit Trail versions 1.0.5...
goshs Access Control Error Vulnerability
goshs is a simple HTTP server written in Go by individual developer Patrick Hener. An access control error vulnerability exists in goshs versions prior to 1.0.5 that stems from not checking the CLI option -c, which could lead to arbitrary command execution...
CVE-2025-31692
Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection") vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5...
CVE-2025-31692
CVE-2025-31692 : Drupal AI (Artificial Intelligence) module is affected by an OS command injection vulnerability in versions 0.0.0 through 1.0.4 due to improper neutralization of special elements in commands. Exploitation could allow an attacker to execute arbitrary OS commands. Affected componen...
Drupal AI OS Command Injection Vulnerability
Drupal AI is a module or solution for the Drupal community that integrates artificial intelligence capabilities. An operating system command injection vulnerability exists in Drupal AI versions prior to 1.0.5, which stems from improper neutralization of a special element and could lead to os...