GHSA-CX4M-2P55-RW7J Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...
PT-2026-28715
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0. Description: A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is_sql_query_safe function located in the pandasai/helpers/sql_sanitizer.py file, allowing f...
CVE-2026-3884
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin function, which allows the creation of more than one alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL, achieving a...
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users...
SUSE CVE-2016-11078
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI...
EUVD-2025-25477
Malicious code in bioql PyPI...
EUVD-2025-25269
Malicious code in bioql PyPI...
CVE-2025-9225
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-9228 Insufficient authorization when creating notes
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users...
Mobile Industrial Robots MiR controllers Security Vulnerability
Mobile Industrial Robots MiR controllers is a controller product for industrial automation from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR controllers versions prior to 3.0.0, which stems from mishandling of errors and could allow an...
PT-2025-32353 · Mir · Mir
Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0. Description: MiR software versions prior to 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary command...
CVE-2023-26119
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage...
BIT-SUPERSET-2023-42504 Apache Superset: Lack of rate limiting allows for possible denial of service
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0...
Carbon Security Vulnerability
Carbon is an open-source PHP extension for DateTime. A security vulnerability exists in Carbon versions from 3.0.0 before 3.8.4 and versions before 2.72.6, which stems from an arbitrary file inclusion vulnerability when passing unfiltered user input to the Carbon::setLocale method,...
PT-2024-28428 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.18; BigBlueButton versions prior to 2.7.8; BigBlueButton versions prior to 3.0.0-alpha.7. Description: An attacker may exploit overly elevated file permissions in the...
DEBIAN-CVE-2024-29156
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...
CVE-2023-41796
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0...
GHSA-HC74-9VJM-C9XV Apache Superset Open Redirect vulnerability
An authenticated attacker with the "update datasets" permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could then be redirected to that site when clicking on the specific dataset. This issue affects Apache Superset versions before 3.0.0...
Apache Superset Information Disclosure Vulnerability
Apache Superset is a data visualization and data exploration platform from the US-based Apache Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 3.0.0, which stems from the application's inadequate protection of sensitive information and can be exploited b...