46 matches found
CVE-2026-4743
CVE-2026-4743 describes a NULL pointer dereference in taurusxin ncmdump, in the src/utils modules, tied to cJSON.Cpp. Affected product: ncmdump prior to version 1.4.0. Impact stated: potential program crashes (availability impact). No exploitation details are provided in the connected documents. ...
CVE-2026-4743
NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...
Outline Security Vulnerability
Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references in the document recovery logic, which could allow any team member to unreasonably recover, vie...
capnproto Environment Issue Vulnerability
Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the conversion of negative Content-Length values into unsigned numbers, which could...
CVE-2025-58190 affecting package cni-plugins for versions less than 1.4.0-5
CVE-2025-58190 affecting package cni-plugins for versions less than 1.4.0-5. A patched version of the package is available...
Outline Path Traversal Vulnerability
Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.4.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the attachments.key value during the JSON import process, which could allow attackers to read arbitra...
Horilla Security Vulnerability
Horilla is a free and open source human resources software from Horilla Inc. A security vulnerability exists in Horilla versions prior to 1.4.0, which stems from the presence of stored cross-site scripting in the ticket comment editor that could cause a low-privileged user to execute arbitrary...
CVE-2025-59525
Horilla HRMS prior to 1.4.0 is vulnerable to Cross-Site Scripting (XSS) via uploaded SVG files (and via allowed embed/ tags), enabling script execution when affected content (e.g., announcements) is viewed and potentially leading to an admin account takeover. The issue stems from improper sanitiz...
CVE-2025-59524 Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation, for example with an intercepting proxy or by...
Horilla Code Issue Vulnerability
Horilla is a free and open source human resources software from Horilla, Inc. A code issue vulnerability exists in Horilla versions prior to 1.4.0 that stems from improper cleanup in the application, which could lead to a cross-site scripting attack that could lead to an administrator account...
Horilla Code Issue Vulnerability
Horilla is a free and open source HR software from Horilla Inc. A code issue vulnerability exists in Horilla versions prior to 1.4.0 that stems from a file upload process that performs only browser-side validation without implementing server-side checks, which could lead to stored cross-site...
Linux Distros Unpatched Vulnerability : CVE-2025-46415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28....
PT-2025-32586
Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.4.0 and earlier. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syste...
CVE-2025-45424
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...
Xinference Security Vulnerability
Xinference is an application by Endeavor's Xiao Yang Personal Developer. A security vulnerability exists in Xinference versions prior to 1.4.0, which stems from improper access control and could lead to unauthorized access to the Web GUI...
CVE-2025-4681
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse. This issue affects upKeeper Instant Privilege Access: before 1.4.0...
CVE-2025-4680
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0...
upKeeper Instant Privilege Access Security Vulnerability
upKeeper Instant Privilege Access is a privilege management system from the Swedish company upKeeper. A security vulnerability exists in upKeeper Instant Privilege Access versions prior to 1.4.0, which stems from improper input validation and could lead to an access control misconfiguration...
CVE-2023-3140
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2022-1250
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...