CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when input data has quotes in attribute values but entity processing is not enabled, the builder breaks the attribute value into multiple attributes. This gives an attacker room to insert unwanted attributes into the XML/HTML. This vulnerabili...
Drupal AI security vulnerabilities
Drupal AI is a module or solution within the Drupal community that integrates artificial intelligence capabilities. Versions of Drupal AI prior to 1.0.7, 1.1.7, and 1.2.4 contain security vulnerabilities. These vulnerabilities stem from improper input during web page generation, which may lead to...
PT-2025-45547
Name of the Vulnerable Software and Affected Versions: Insert Headers and Footers Code – HT Script plugin for WordPress versions prior to 1.1.7 Description: The Insert Headers and Footers Code – HT Script plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs because of...
EUVD-2025-27001
Malicious code in bioql PyPI...
Obsidian GitHub Copilot Plugin security vulnerability
Obsidian GitHub Copilot Plugin is a GitHub Copilot plugin by the individual developer Pierre-Adrien Vasseur. A security vulnerability exists in versions of Obsidian GitHub Copilot Plugin prior to 1.1.7, which stems from storing GitHub API tokens in clear-text form, which could lead to unauthorize...
Linux Distros Unpatched Vulnerability : CVE-2016-9920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not proper...
tiny-secp256k1 security vulnerability
tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7, which stems from the potential disclosure of a private key when signing a malicious JSON stringable object, potentially leading to private key extraction...
TYPO3 SQL injection vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. TYPO3 1.1.7 and earlier versions contain an SQL injection vulnerability, which stems from a problem in the mod1/index.php file; an attacker can exploit this vulnerability to conduct...
PT-2022-24426 · Rhonabwy · Rhonabwy
Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 0.9.99 through 1.1.x before 1.1.7 Description: The issue allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token, as the software does not check the RSA private key length before RSA-OAEP...
muhttpd path traversal vulnerability
muhttpd is a simple but complete web server from the individual developer inglorion. Written in portable ANSI C, it supports logging, CGI scripting, MIME type based handlers and HTTPS. A security vulnerability exists in muhttpd versions prior to 1.1.7. An attacker could exploit this vulnerability to...
CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back in the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
PT-2021-23086
Name of the Vulnerable Software and Affected Versions: aurelia-path versions prior to 1.1.7 Description: The issue is related to a prototype pollution vulnerability in aurelia-path, which is part of the Aurelia platform and contains utilities for path manipulation. This vulnerability exposes Aureli...
CVE-2019-14681
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=dafsettings&dafremove=true CSRF...
Synology Router Manager Command Injection Vulnerability (CNVD-2019-08959)
Synology Router Manager (SRM) is software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A command injection vulnerability exists in ftpd in Synology SRM versions prior to 1.1.7-6941-1. The vulnerability, which originates from a failure of a network system or...
CVE-2018-3758
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
brace-expansion index.js file denial of service vulnerability
brace-expansion is a tool that expands brace patterns into arbitrary strings. A denial of service vulnerability exists in the index.js file in versions of brace-expansion prior to 1.1.7. An attacker can exploit this vulnerability to cause a denial of service...
PT-2016-7880
Name of the Vulnerable Software and Affected Versions: Roundcube versions prior to 1.1.7; Roundcube versions 1.2.x prior to 1.2.3 Description: The issue allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. This is due to the...