25 matches found
CVE-2026-8493
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-8493
CVE-2026-8493 affects the Drupal Colorbox Inline module. The issue arises because the module does not sufficiently sanitize the data-colorbox-inline attribute value passed to jQuery, enabling a Cross-Site Scripting (XSS) vulnerability. Affected versions are 0.0.0 through 2.1.0; remediation is to ...
Drupal Colorbox Inline Cross-Site Scripting Vulnerability
Drupal Colorbox Inline is a Drupal pop-up display module developed by the Drupal company. Versions of Drupal Colorbox Inline prior to 2.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during web page generation, which could lead to...
PT-2026-1329
Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.1 Description: A Blind Server-Side Request Forgery (SSRF) exists in evershop versions prior to 2.1.1. An unauthenticated attacker can force the server to initiate an HTTP request via the '/images' API endpoint. Th...
CVE-2025-48445
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...
Apache ActiveMQ NMS OpenWire Client Security Vulnerability
Apache ActiveMQ NMS OpenWire Client is a client from the American Apache Foundation. A deserialization vulnerability exists in Apache ActiveMQ NMS OpenWire Client versions prior to 2.1.1, which arises from unsafe deserialization of serialized data received by an application from a user and can be...
CVE-2025-1269
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010...
PT-2025-4942 · Unknown · Notfound Xlsxviewer
Name of the Vulnerable Software and Affected Versions: NotFound XLSXviewer versions prior to 2.1.1 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This allows for Path Traversal in NotFound XLSXviewer...
CVE-2024-13260
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery. This issue affects Migrate queue importer: from 0.0.0 before 2.1.1...
PT-2024-39457 · Flowise +1 · Flowise +1
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.1.1; Flowise Chat Embed versions prior to 2.0.0. Description: The issue is related to a Stored Cross-Site vulnerability due to a lack of input sanitization. Recommendations: For Flowise versions prior to 2.1.1, updat...
WordPress theme Himer Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Himer versions prior t...
WordPress theme Himer security vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Himer versions prior to 2.1.1, which ste...
PT-2024-19355 · WordPress · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to manipulate users into voting on polls they do not have access to through a CSRF attack...
Trix Security Vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...
PT-2023-7320 · Bumsys · Bumsys
Name of the Vulnerable Software and Affected Versions: bumsys versions prior to 2.1.1 Description: The issue is related to a PHP Remote File Inclusion vulnerability. This could allow a remote attacker to execute arbitrary code by sending specially crafted requests. Recommendations: For versions...
SUSE CVE-2015-8871
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors...
CVE-2022-24065
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2020-15385
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission...
GHSA-7WPW-2HJM-89GP Prototype Pollution in merge
All versions of package merge <2.1.1 are vulnerable to Prototype Pollution via recursiveMerge...
CVE-2020-28448
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...