
60 matches found

CNNVD
added 2026/04/17 12:0 a.m. | 4 views

Stirling-PDF security vulnerability

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.0.0 contained a security vulnerability. This vulnerability stemmed from the use of methods like innerHTML during the file upload...

CVSS 6.1 | AI score 5.5 | EPSS 0.00123
Exploits: 1 | References: 2
EUVD
added 2026/04/10 5:37 p.m. | 5 views

EUVD-2026-21523

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint readurlwithopengraph accepts a URL from the user via the socialwallnewmsgmain POST parameter and performs tw...

CVSS 7.7 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 3
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Chamilo LMS input validation error vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained a vulnerability related to input validation...

CVSS 6.1 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 4
CNNVD
added 2026/04/10 12:0 a.m. | 3 views

Chamilo LMS authorization issue vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained vulnerabilities related to authorization. Thes...

CVSS 9.8 | AI score 5.9 | EPSS 0.00121
Exploits: 0 | References: 3
NVD
added 2026/04/09 2:16 p.m. | 0 views

CVE-2025-45806

A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | EPSS 0.00011
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/12 6:32 p.m. | 1 views

CVE-2026-32138 NEXULEAN API Key Leak

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...

CVSS 8.2 | AI score 5.8 | EPSS 0.00078
Exploits: 0 | References: 2
CNNVD
added 2026/02/25 12:0 a.m. | 4 views

Vikunja code issue vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 had code vulnerabilities. These vulnerabilities stemmed from allowing the setting of weak passwords, where user-changed passwords still allowed active sessions to remain valid,...

CVSS 9.1 | AI score 7.3 | EPSS 0.00022
Exploits: 1 | References: 2
CNNVD
added 2026/02/25 12:0 a.m. | 6 views

Vikunja security vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the filter parameters in the Projects module being rendered into the DOM without proper encoding, which could lead...

CVSS 6.1 | AI score 7.3 | EPSS 0.00014
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/20 3:46 p.m. | 3 views

CVE-2025-69303

Missing Authorization vulnerability in ModelTheme ModelTheme Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ModelTheme Framework: from n/a before 2.0.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 3
OSV
added 2026/02/05 3:20 a.m. | 2 views

GO-2026-4421 Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

CVSS 7.5 | AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 4
CNNVD
added 2026/01/27 12:0 a.m. | 5 views

Gila CMS security vulnerability

Gila CMS is a set of open-source content management systems (CMS) developed by Gila CMS Inc., based on PHP and MySQL. Versions of Gila CMS prior to 2.0.0 contained security vulnerabilities; these vulnerabilities stemmed from unvalidated HTTP headers, which could allow unauthorized attackers to...

CVSS 9.8 | AI score 6.1 | EPSS 0.00328
Exploits: 0 | References: 4
OSV
added 2026/01/23 3:16 p.m. | 1 views

AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

CVSS 8.2 | AI score 7.3 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2025/12/26 12:0 a.m. | 2 views

n8n security vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n version 1.0.0 through versions prior to 2.0.0, which stems from a sandbox bypass issue in Python Code Node that could lead to the execution of arbitrary commands...

CVSS 9.9 | AI score 7.3 | EPSS 0.00035
Exploits: 4 | References: 2
CNNVD
added 2025/12/26 12:0 a.m. | 3 views

n8n security vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in versions prior to n8n 2.0.0 that stems from Code node being able to call internal helper functions that could result in reading or writing to the host file system...

CVSS 7.1 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/19 5:21 p.m. | 1 views

CVE-2025-12761

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0...

CVSS 3.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
Github Security Blog
added 2025/11/18 6:32 p.m. | 2 views

Drupal Simple multi step form allows Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0...

CVSS 3.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/11/18 12:0 a.m. | 2 views

PT-2025-47343

Name of the Vulnerable Software and Affected Versions: Drupal Simple multi step form versions prior to 2.0.0. Description: A flaw exists in Drupal Simple multi step form that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The...

CVSS 3.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/23 4:12 p.m. | 2 views

CVE-2025-62659

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

CVSS 2.1 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 3:31 p.m. | 6 views

CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

CVSS 2.1 | EPSS 0.00056
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/26 12:40 p.m. | 8 views

CVE-2025-11025 Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform

Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 2