17 matches found
Pingvin Share Code Injection Vulnerability
Pingvin Share is a self-hosted file sharing platform developed by Elias Schneider as an individual project. Versions of Pingvin Share prior to 1.13.0 contain a code injection vulnerability. This vulnerability stems from improper handling of the redirect parameter in the getServerSideProps functio...
EUVD-2026-20475
stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
PT-2026-31323
Name of the Vulnerable Software and Affected Versions: stata-mcp versions prior to 1.13.0 Description: Insufficient validation of user-supplied Stata do-file content in stata-mcp can lead to command execution. Recommendations: Update stata-mcp to version 1.13.0 or later...
Qwik Security Vulnerability
Qwik is a micro web framework open-sourced by Qwik Dev. A security vulnerability exists in Qwik versions prior to 1.13.0, which stems from an unhandled invalid qfunc error that could cause the service to crash...
CVE-2025-3901
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS). This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4...
Asio Security Vulnerability
Asio is a freely available, open source, cross-platform C++ library for network programming, developed by individual developer chriskohlhoff. A security vulnerability exists in versions prior to Asio 1.13.0 that stems from a missing fallback error code and no associated error message from the SSL library...
PT-2024-21059 · Khoj · Khoj
Name of the Vulnerable Software and Affected Versions: Khoj versions prior to 1.13.0 Description: Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop, and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scriptin...
ClearML Server Cross-Site Scripting Vulnerability
ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A cross-site scripting vulnerability exists in versions of ClearML Server prior to 1.13.0 that stems from vulnerability to stored cross-site scripting (XSS) attacks...
PT-2023-30183 · Apache +3 · Apache Shiro +3
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.13.0 Apache Shiro versions 2.0.0-alpha-1 through 2.0.0-alpha-3 Description: The issue is related to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apach...
HashiCorp Vault Security Breach
HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault versions prior to 1.13.0 and Vault Enterprise versions prior to 1.13.0 that stems from an existing IAM condition that is not preserved when creating or updating a role se...
DEBIAN-CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648...
jQuery Cross-Site Scripting Vulnerability
jQuery is an open source, cross-browser JavaScript library developed by individual developer John Resig of the United States. The library simplifies operations between HTML and JavaScript and offers modularity, plug-in extensions and other features. A cross-site scripting vulnerability exists in...
RainLoop Webmail Cross-Site Scripting Vulnerability
RainLoop Webmail is a web-based e-mail client software. A cross-site scripting vulnerability exists in RainLoop Webmail versions prior to 1.13.0, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side co...
PT-2020-9397 · Unknown · Rainloop Webmail
Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0 Description: The software lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Recommendations: For versions prior to...
PT-2019-19884 · Netdata +2 · Netdata +2
Name of the Vulnerable Software and Affected Versions: Netdata web application versions prior to 1.13.0 Description: The issue allows remote attackers to inject malicious HTML code into an imported snapshot. Successful exploitation can lead to the execution of attacker-supplied HTML in the contex...