16 matches found
SillyTavern Code Issue Vulnerability
SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.17.0 had code vulnerabilities; these vulnerabilities stemmed from a hostname check that only matched literal dotted-decimal IPv4 addresses, which could lead to server-side reques...
CVE-2026-3214
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10...
CVE-2026-3214
CVE-2026-3214 affects Drupal CAPTCHA. Affected: Drupal CAPTCHA versions 0.0.0–1.16.9 and 2.0.0–2.0.9. Root cause: insufficient invalidation of security tokens, enabling a functionality bypass where an attacker can bypass CAPTCHA on subsequent submissions after solving at least one CAPTCHA manuall...
Drupal CAPTCHA Security Vulnerability
Drupal CAPTCHA is a CAPTCHA module developed by the Drupal company. Versions of Drupal CAPTCHA prior to 1.17.0, as well as versions from 2.0.0 to 2.0.10, contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative paths or channels to bypass authentication,...
go-ethereum Security Vulnerability
go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.17.0 contained security vulnerabilities; these vulnerabilities allowed attackers to cause high memory usage by sending specially crafted P2P messages...
CVE-2026-22250
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...
CVE-2025-14262
KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...
KNIME Business Hub Security Vulnerability
KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions prior to 1.17.0 that stems from improper privilege checking and could lead to elevation o...
PT-2025-49540
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...
EUVD-2025-4304
Malicious code in bioql PyPI...
HashiCorp Vault Security Breach
HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault, Vault Enterprise versions prior to 1.17.0, 1.16.3, and 1.15.9, which stems from failure to properly validate JSON Web Token (JWT) role-bound audience...
SHIRASAGI Cross-Site Scripting Vulnerability
SHIRASAGI is a content management system (CMS) for the Japanese Shirasagi project. A security vulnerability exists in versions prior to SHIRASAGI v1.17.0, which stems from a stored cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script...
CVE-2022-37145
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a brute-force attack on the login page with no time or attempt limitation in an...
CVE-2022-1469
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...