12 matches found
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass in the password reset endpoint, allowing unverified attackers to reset the...
EUVD-2024-3090
Malicious code in bioql PyPI...
EUVD-2025-24807
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-31863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read...
SUSE CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
OESA-2023-1930 nodejs-tough-cookie security update
RFC6265 Cookies and Cookie Jar for Node.js. Security Fixes: Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects a...
WESEEK GROWI Security Breach
Weseek GROWI is a team collaboration software package from Weseek Japan. A security vulnerability exists in WESEEK GROWI versions prior to v4.1.3. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
PT-2023-29984 · Unknown · Zentao Biz
Name of the Vulnerable Software and Affected Versions: ZenTao Biz versions 4.1.3 and before Description: The issue is related to Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. Recommendations: For versions 4.1...
Flask-AppBuilder Security Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.1.3, which stems from an authenticated administrator user being able to query other users via their salted and hashed password strings...
Mercurial Remote Code Execution Vulnerability
Mercurial is a cross-platform distributed version control system written in Python, developed by Matt Mackall. The software supports simultaneous processing of plain text and binary files. A remote code execution vulnerability exists in...
PT-2015-7043 · Siemens · Simatic S7-1200 Cpu
Name of the Vulnerable Software and Affected Versions: Siemens SIMATIC S7-1200 CPU devices with firmware prior to 4.1.3 Description: A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of victims via unknown vectors. Recommendations: For firmware...
CVE-2011-2979
Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756...