SiYuan 代码注入漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.4 contained a code injection vulnerability. This vulnerability stemmed from insecure escaping of table header contents, which could lead to storage-side cross-site scripti...

CVE-2025-14472

Cross-Site Request Forgery CSRF vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3...

PT-2026-5206

Name of the Vulnerable Software and Affected Versions Acquia Content Hub versions 0.0.0 through 3.6.3 Acquia Content Hub versions 3.7.0 through 3.7.2 Description A Cross-Site Request Forgery CSRF issue exists in Acquia Content Hub. This allows attackers to perform actions on behalf of authenticat...

Linux Distros Unpatched Vulnerability : CVE-2025-48965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtlsasn1storenameddata can trigger conflicting data with val.p of NULL but val.len greater than...

Linux Distros Unpatched Vulnerability : CVE-2025-52496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a...

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 3.6.4 that stems from a heap buffer overflow in PEM parsing, which could result in memory corruption...

CVE-2023-39726

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal...

PT-2023-29257 · Jim Krill · Wp Jump Menu

Name of the Vulnerable Software and Affected Versions: Jim Krill WP Jump Menu plugin versions prior to 3.6.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 3.6.4, upda...

nsGenericDOMDataNode:: SetTextInternal

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...