Radare2 MCP Server operating system command injection vulnerability
Radare2 MCP Server is an open-source binary analysis tool based on Radare2 developed by the radare.org community. Versions of Radare2 MCP Server prior to version 1.6.0 contained a vulnerability related to operating system command injection. This vulnerability arises from operating system command...
Ella Core code issue vulnerability
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.6.0 contained code vulnerabilities. These vulnerabilities resulted from kernel crashes during the processing of UL NAS transmission messages...
EUVD-2025-208321
A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...
Cloudflare Workers SDK information disclosure vulnerability
Cloudflare Workers SDK is an open source developer toolkit for Cloudflare. An information disclosure vulnerability exists in Cloudflare Workers SDK versions prior to 1.6.0, which stems from a default configuration where the local development server exposes all files, potentially leading to the...
Linux Distros Unpatched Vulnerability : CVE-2019-25211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed...
Linux Distros Unpatched Vulnerability : CVE-2022-24329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. CVE-2022-24329 Note that Nessus relies on the...
Drupal Lightgallery Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0...
Drupal Lightgallery cross-site scripting vulnerability
Drupal Lightgallery is a plugin for the Drupal community. A cross-site scripting vulnerability exists in Drupal Lightgallery versions prior to 1.6.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...
CVE-2025-31695
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS). This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...
CVE-2025-31695
CVE-2025-31695 affects the Drupal Link field display mode formatter. The issue is Improper Neutralization of Input During Web Page Generation (XSS) in the module, allowing cross-site scripting. Affected versions are 0.0.0 through 1.6.0; the component is the Link field display mode formatter. Root...
WordPress WP Table Builder plugin < 1.6.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Table Builder versions 1.6.0...
Hertzbeat security vulnerability
Hertzbeat is an open source real-time monitoring system. A SQL injection vulnerability exists in Hertzbeat versions prior to 1.6.0 that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands ...
Apache Linkis code issue vulnerability
Apache Linkis is a middleware product of the U.S. Apache Foundation that establishes connections between upper-tier applications and the underlying data engine. A code issue vulnerability exists in Apache Linkis versions prior to 1.6.0; the vulnerability stems from the lack ...
Arc security vulnerability
ARC is a software package for creating and maintaining file archives. A security vulnerability exists in versions prior to Arc v1.6.0 that stems from using archives without properly validating the filenames within them, making them vulnerable to path traversal attacks...
jose2go Security Vulnerabilities
jose2go is a Golang implementation of the Javascript object signing and encryption specification for individual developers at DV. A security vulnerability exists in jose2go versions prior to 1.6.0, which originated from a vulnerability that allows an attacker to cause a denial of service via a...
SUSE CVE-2023-22645
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0...
Checkmk cross-site scripting vulnerability
Checkmk is an editor. A security vulnerability exists in versions of Checkmk prior to 1.6.0. An attacker exploited the vulnerability to inject malicious HTML into emails...
WordPress Plugin Download Read More Excerpt Link cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-0178 Annual Archive < 1.6.0 - Contributor+ Stored XSS
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...