
10 matches found

CNNVD
added 2026/05/27 12:0 a.m. · 3 views

Dalfox security vulnerability

Dalfox is an automated cross-site script scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from the REST API server mode, where the custom-payload-file field directly deserialized from the attacker’s request bod...

CVSS 7.5 · AI score 5.8 · EPSS 0.00042
Exploits: 0 · References: 2
Patchstack
added 2026/05/21 5:14 p.m. · 4 views

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...

CVSS 8.7 · AI score 5.8 · EPSS 0.00049
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2026/05/14 6:6 p.m. · 3 views

CVE-2026-42598 Pode: Directory Traversal is possible on Static Routes

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00056
Exploits: 0 · References: 2
Patchstack
added 2026/04/29 11:1 a.m. · 2 views

WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PowerPack Pro for Elementor versions v2.13.0...

AI score 5.8
Exploits: 0 · Affected Software: 1
CBLMariner
added 2026/03/09 2:32 p.m. · 1 views

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26. A patched version of the package is available...

CVSS 5.3 · AI score 5.8 · EPSS 0.00033
Exploits: 0
Positive Technologies
added 2025/10/28 12:0 a.m. · 4 views

PT-2025-44218

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.13.0 Description: FastMCP, a framework for building MCP applications, contains a command-injection issue. An attacker who can control the server name field of an MCP can execute arbitrary OS commands on Windows hosts...

CVSS 7.8 · AI score 7.3 · EPSS 0.00049
Exploits: 1 · References: 8
OSV
added 2025/01/09 8:15 p.m. · 1 views

CVE-2024-13284

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5...

CVSS 8.8 · AI score 5.8 · EPSS 0.00216
Exploits: 0 · References: 1
Positive Technologies
added 2022/12/13 12:0 a.m. · 2 views

PT-2022-27219 · Unknown · Ipti Br.Tag

Name of the Vulnerable Software and Affected Versions: ipti br.tag versions prior to 2.13.0 Description: A vulnerability was found in ipti br.tag, which has been declared as problematic. The manipulation of an unknown functionality leads to cross-site scripting. The attack can be launched remotel...

CVSS 6.1 · AI score 5.9 · EPSS 0.00287
Exploits: 0 · References: 7
Positive Technologies
added 2022/03/28 12:0 a.m. · 3 views

PT-2022-17492 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.13.0 Description: The issue allows an attacker to bypass body schema validation in the request-validation plugin by passing a JSON with a duplicate key. This can be achieved by sending a JSON payload such as...

CVSS 9.8 · AI score 9.4 · EPSS 0.00424
Exploits: 0 · References: 6
CNVD
added 2018/04/19 12:0 a.m. · 1 views

Mautic Information Disclosure Vulnerability

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.x and version 2.x prior to 2.13.0. An attacker could exploit the vulnerability to retrieve contact...

CVSS 7.5 · AI score 6.8 · EPSS 0.003
Exploits: 0 · References: 1