53 matches found
CVE-2025-13593
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
EUVD-2026-21210
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
Dockyard Access Control Error Vulnerability
Dockyard is a lightweight Docker container management web interface developed by Ismail as an individual developer. Versions of Dockyard prior to 1.1.0 contained an access control vulnerability. This vulnerability stemmed from the fact that Docker container startup and shutdown operations were...
CVE-2026-30969
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...
CVE-2026-30968 Coral Server has insufficient validation of agent identity for SSE connections
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint /sse/v1/... in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. Th...
CVE-2026-25935 Vikunja Affected by XSS Via Task Preview
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...
Vikunja Security Vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 1.1.0 contained security vulnerabilities. These vulnerabilities were due to the lack of escaping in the TaskGlanceTooltip.vue file, which could allow malicious users to trigger cross-site...
CVE-2017-18555
The booking-sms plugin before 1.1.0 for WordPress has XSS...
EUVD-2025-28803
Malicious code in bioql PyPI...
CVE-2025-8627
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 US Smartplug: before 1.1.0...
Linux Distros Unpatched Vulnerability : CVE-2021-4043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. CVE-2021-4043 Note that Nessus relies on the presence of the package as reported by the...
CVE-2025-8627 Unauthenticated Protocol Commands on TP-Link KP303
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 US Smartplug: before 1.1.0...
CVE-2025-8627
The CVE-2025-8627 entry describes a vulnerability in TP-Link KP303 Smartplug (US) prior to version 1.1.0 where unauthenticated protocol commands can be issued to cause an unintended power-off condition and potential information leak. The issue affects the KP303 (US) Smartplug before 1.1.0. The CV...
PT-2025-34709
Name of the Vulnerable Software and Affected Versions: TP-Link KP303 Smartplug versions prior to 1.1.0 Description: The TP-Link KP303 Smartplug is susceptible to unauthenticated protocol commands that can lead to an unintended power-off condition and potential information leak. Recommendations:...
Intel® AI for Enterprise Retrieval-augmented Generation Software Advisory
Summary: A potential security vulnerability in some Intel® AI for Enterprise Retrieval-augmented Generation software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24923 Description:...
Stirling-PDF Code Issue Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A code issue vulnerability exists in Stirling-PDF versions prior to 1.1.0 that stems from a cleaner in the Markdown to PDF feature that can be bypassed, potentially leading to...
Drupal Block Attributes Security Vulnerability
Drupal Block Attributes is a configuration interface plugin for the Drupal community. A security vulnerability exists in Drupal Block Attributes versions prior to 1.1.0 and prior to 2.0.1, which stems from improper input neutralization during page generation and could lead to a cross-site scripti...
Drupal Block Attributes module < 1.1.0,2.0.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module Block Attributes versions 1.1.0,2.0.0...
ScadaFlare 1.0 ScadaBR Authenticated RCE Toolkit
This is a modular post-authentication remote code execution exploit targeting ScadaBR versions prior to 1.1.0. This tool is enhanced for red team ops...