20 matches found

Cvelist · added yesterday · 20 views

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in...

CVSS 5.3 · Exploits 0 · References 2
CVE · added 2026/05/01 8:34 p.m. · 11 views

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

CVSS 6.3 · AI score 5.8 · EPSS 0.00031 · Exploits 0 · References 4
OSV · added 2026/05/01 8:34 p.m. · 3 views

EEF-CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Summary: Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends ever...

CVSS 8.7 · AI score 5.8 · EPSS 0.00081 · Exploits 0 · References 4
CNNVD · added 2026/01/05 12:00 a.m. · 2 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 1.11.0, which stems from an API key being exposed in plaintext to the front-end, which could lead to unauthorized access to third-party services...

CVSS 8.4 · AI score 6.4 · EPSS 0.00041 · Exploits 1 · References 1
Cvelist · added 2025/12/01 10:06 p.m. · 4 views

CVE-2025-66312 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...

CVSS 6.2 · EPSS 0.00024 · Exploits 1 · References 2
RedhatCVE · added 2025/10/20 4:29 p.m. · 3 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 · AI score 6.7 · EPSS 0.00254 · Exploits 0 · References 1
CVE · added 2025/10/17 5:00 a.m. · 12 views

CVE-2025-11849

The CVE-2025-11849 entry affects Mammoth (org.zwobble.mammoth:mammoth) and the Mammoth package family up to version 1.11.0 (pre-1.11.0). The root cause is a lack of path or file-type validation when processing DOCX files containing externally linked images (r:link) instead of embedded r:embed. Th...

CVSS 9.3 · AI score 6.4 · EPSS 0.00254 · Exploits 0 · References 6
CNNVD · added 2025/10/17 12:00 a.m. · 1 view

Mammoth security vulnerability

Mammoth is a tool for converting Word documents to HTML by the individual developer Michael Williamson. A security vulnerability exists in mammoth version 0.3.25 and versions prior to 1.11.0, which stems from a lack of path or file type validation when processing docx files, and could lead to a...

CVSS 9.3 · AI score 6.3 · EPSS 0.00254 · Exploits 0 · References 7
OSV · added 2024/10/04 6:15 p.m. · 2 views

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

CVSS 8.8 · AI score 6.1 · Exploits 0 · References 3
OSV · added 2024/10/04 6:15 p.m. · 3 views

CVE-2024-41514

A reflected cross-site scripting XSS vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CVSS 5.4 · AI score 5.8 · EPSS 0.00329 · Exploits 1 · References 3
CNNVD · added 2023/11/13 12:00 a.m. · 2 views

Kyverno security vulnerability

Kyverno is a policy engine for Kubernetes open-sourced by Kyverno. A security vulnerability exists in versions prior to Kyverno v1.11.0. An attacker can exploit this vulnerability to cause a denial of service on the system...

CVSS 6.1 · AI score 6.5 · EPSS 0.0033 · Exploits 0 · References 2
CNNVD · added 2023/01/14 12:00 a.m. · 1 view

Izanami trust management vulnerability

Izanami is a shared configuration, feature flipping, and A/B testing server that is ideally suited for microservices architecture implementations. A security vulnerability exists in Izanami versions prior to 1.11.0 that stems from an attacker being able to bypass authentication in this applicatio...

CVSS 9.8 · AI score 8.3 · EPSS 0.00437 · Exploits 1 · References 3
Debian CVE · added 2022/04/19 4:35 p.m. · 44 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 9.8 · AI score 9.9 · EPSS 0.05735 · Exploits 1
Positive Technologies · added 2022/04/13 12:00 a.m. · 1 view

PT-2022-7286

Name of the Vulnerable Software and Affected Versions: git versions prior to 1.11.0
Description: The issue is related to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that...

CVSS 9.8 · AI score 7.9 · EPSS 0.05735 · Exploits 1 · References 322
OSV · added 2019/11/12 3:15 p.m. · 1 view

DEBIAN-CVE-2019-18848

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...

CVSS 7.5 · AI score 7.3 · EPSS 0.00207 · Exploits 0 · References 1
CNVD · added 2019/06/19 12:00 a.m. · 1 view

Apache Allura Cross-Site Scripting Vulnerability

Apache Allura is an open source project hosting platform from the Apache Software Foundation (United States). The platform supports the management of source code repositories, bug reports, wiki pages and blogs. A cross-site scripting vulnerability exists in the user drop-down selector in...

CVSS 6.1 · AI score 6.5 · EPSS 0.0089 · Exploits 0 · References 1
CNVD · added 2018/10/15 12:00 a.m. · 4 views

Pippo Remote Code Execution Vulnerability

Pippo is a Java-based web framework. A remote code execution vulnerability exists in Pippo 1.11.0 and earlier versions, which stems from the XstreamEngine component failing to use the defense mechanisms available in XStream to restrict deserialization, and can be exploited by a remote attacker to...

CVSS 9.8 · AI score 9.7 · EPSS 0.02572 · Exploits 1 · References 1
Positive Technologies · added 2018/07/25 12:00 a.m. · 3 views

PT-2018-9625 · Hewlett Packard · Dotnetzip

Name of the Vulnerable Software and Affected Versions: DotNetZip.Semvered versions prior to 1.11.0
Description: The issue allows attackers to perform directory traversal, enabling them to write to arbitrary files. This is achieved by including a ../ (dot dot slash) in a Zip archive entry, which is...

CVSS 5.5 · AI score 5.7 · EPSS 0.01184 · Exploits 0 · References 10
CNVD · added 2018/04/17 12:00 a.m. · 2 views

Cloud Foundry Garden-runC Information Disclosure Vulnerability

Cloud Foundry Garden-runC is a set of Garden-based container systems from the U.S. Cloud Foundry Foundation. An information disclosure vulnerability exists in Cloud Foundry Garden-runC versions prior to 1.11.0. An attacker can exploit this vulnerability to obtain credentials and perform...

CVSS 8.8 · AI score 6.2 · EPSS 0.00346 · Exploits 0 · References 1
Positive Technologies · added 2016/05/20 12:00 a.m. · 3 views

PT-2016-5017 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.3; Foreman version 1.11.0 before 1.11.0-RC2
Description: The issue allows remote authenticated users to read, modify, or delete private bookmarks by leveraging the edit bookmarks or destroy bookmarks permission...

CVSS 6.5 · AI score 5.5 · EPSS 0.00201 · Exploits 0 · References 6