CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

CVE-2026-8491

CVE-2026-8491 involves an improper check in the Drupal Node View Permissions module that permits forceful browsing. Affected are Node View Permissions 0.0.0–1.6.x and 2.0.0–2.0.0, where cancelled users’ content reassigned to anonymous users could be exposed. Remediation: upgrade to 1.7.0 (for 0.0...

Drupal Node View Permissions 代码问题漏洞

Drupal Node View Permissions is a Drupal content access control module developed by the Drupal company. There is a code vulnerability in Drupal Node View Permissions, which stems from improper checks for exceptional or special cases, potentially leading to forced browsing. The following versions...

Apollo MCP Server 访问控制错误漏洞

The Apollo MCP Server is an open-source service from Apollo GraphQL that exposes GraphQL operations as AI tools. Versions of the Apollo MCP Server prior to 1.7.0 contained a access control vulnerability. This vulnerability stemmed from the lack of validation of the Host header in incoming HTTP...

PdfDing 安全漏洞

PdfDing is a self-hosted PDF management, viewing, and editing tool developed by mrmn’s developers. Versions of PdfDing prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from access control loopholes, allowing unverified users to bypass password verification processe...

CVE-2026-33903 Ella Core panics when processing a crafted NGAP LocationReport message

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version...

Ella Core 代码问题漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from kernel crashes that occurred when processing authentication responses...

EUVD-2026-16393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

CVE-2025-13523

CVE-2025-13523 affects Mattermost Confluence plugin versions prior to 1.7.0. The root cause is improper escaping of user-controlled display names during HTML template rendering. This allows authenticated Confluence users with malicious display names to trigger arbitrary JavaScript execution in a ...

CVE-2022-0697

Open Redirect in GitHub repository archivy/archivy prior to 1.7.0...

Langflow 安全漏洞

Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow versions prior to 1.7.0 that stems from a failure to restrict or normalize file paths, which could lead to arbitrary file creation or...

EUVD-2021-11144

Malware in sbrugna...

EUVD-2024-40059

Malicious code in bioql PyPI...

CVE-2025-24404

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat incubatin...

PT-2025-36719

Name of the Vulnerable Software and Affected Versions: Apache HertzBeat versions prior to 1.7.0 Description: An XML injection Remote Code Execution RCE vulnerability exists in Apache HertzBeat due to parsing of HTTP sitemap XML responses. An attacker with authenticated access can trigger the...

Apache HertzBeat 安全漏洞

Apache HertzBeat is a tool from Apache USA that monitors various components. A security vulnerability exists in Apache HertzBeat versions prior to 1.7.0, which stems from an XML parsing vulnerability that could lead to remote code execution...

WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability

Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...