Grimmory Cross-Site Scripting Vulnerability
Grimmory is an open-source e-book management software developed by Grimmory. Versions of Grimmory prior to 2.3.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the browser EPUB reader, allowing attackers to embed arbitrary JavaScript in specially crafted EPUB file...
CVE-2024-58342
XenForo Open Redirect (CVE-2024-58342): Affected: XenForo pre-2.2.17 and pre-2.3.1. Root cause: the getDynamicRedirect() path does not adequately validate the redirect target, allowing an open redirect via specially crafted URLs (including newlines, user credentials, or host mismatches). Impact: ...
CVE-2026-0947
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
CVE-2026-0947 AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
CVE-2025-30518
Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result ma...
Linux Distros Unpatched Vulnerability : CVE-2013-2023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.3.1 allows remote attackers to inje...
PT-2025-5078 · Unknown · Notfound Fast Tube
Name of the Vulnerable Software and Affected Versions: NotFound Fast Tube versions prior to 2.3.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. Recommendations: For versions prior...
Helmholz REX100 Trust Management Issue Vulnerability
Helmholz REX100 is a wireless router from Helmholz. A trust management issue vulnerability exists in Helmholz REX100 versions prior to 2.3.1, which stems from the inclusion of two hard-coded user accounts and hard-coded passwords, allowing an unauthenticated, remote attacker to take full control ...
CVE-2024-29963
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...
PT-2024-23170 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the...
PT-2024-3803 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: A vulnerability in Brocade SANnav is related to the storage of protected information in unencrypted form. The issue allows an attacker to reveal protected...
PT-2024-4305 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: An information disclosure issue exists in Brocade SANnav when instances are configured in disaster recovery mode, allowing authenticated users to access the...
PT-2023-24824 · Jetbrains · Jetbrains Ktor
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.1 Description: The issue allows headers containing authentication data to be added to the exception's message. This could potentially expose sensitive information. Recommendations: For versions prior to...
JetBrains Ktor framework Security Vulnerability
JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor framework versions prior to 2.3.1, which stems from a header for authentication data that can be added to an exception message...
PYSEC-2023-69
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1...
Mlflow Security Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.3.1 that stems from being able to read local files...
PYSEC-2023-68
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
SUSE CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
CVE-2022-44643
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...
PYSEC-2022-42981
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1...