13 matches found
i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
Summary: Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...
CVE-2023-4433
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4...
PT-2025-45398
Name of the Vulnerable Software and Affected Versions: Nuxt DevTools versions prior to 2.6.4. Description: A flaw exists in Nuxt DevTools that could allow the extraction of Nuxt authentication tokens through a cross-site scripting (XSS) attack, under specific configurations. Recommendations: Update to...
CVE-2025-64224
The CVE-2025-64224 entry concerns the WordPress plugin Grand Conference Theme Custom Post Type (component: grandconference-custom-post). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Affected versions range...
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2. A patched version of the package is available...
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2. A patched version of the package is available...
BIT-LIBPYTHON-2024-50602
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...
WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Bonds in WordPress Plugin Grand Conference Theme Custom Post Type versions 2.6.4...
SUSE CVE-2021-4200
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
Google TensorFlow Input Validation Error Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google (USA). An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that tf.raw_ops.StagePee...
Combodo iTop Cross-Site Scripting Vulnerability (CNVD-2020-35968)
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in the id of th...
Unspecified vulnerability in piSignage
piSignage is an HD video digital signage player. A security vulnerability exists in the web application component of piSignage versions prior to 2.6.4. A remote attacker can exploit the vulnerability to download arbitrary files from a Raspberry Pi...
Modx Revolution Remote Code Execution Vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A remote code execution vulnerability exists in Modx Revolution versions prior to 2.6.4, which can be...