
83 matches found

Cvelist
added 2026/05/07 12:7 p.m., 29 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVSS 6.8, EPSS 0.00029
Exploits 0, References 1

Positive Technologies
added 2026/04/27 12:0 a.m., 3 views

PT-2026-35275

Name of the Vulnerable Software and Affected Versions LogonTracer versions prior to 2.0.0 Description An OS command injection issue allows a logged-in user to execute arbitrary operating system commands. Recommendations Update to version 2.0.0 or later...

CVSS 8.8, AI score 8.4, EPSS 0.00376
Exploits 0, References 15

Vulnrichment
added 2026/04/23 12:0 a.m., 4 views

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

AI score 5.8, EPSS 0.0007
Exploits 0, References 4

ATTACKERKB
added 2026/04/09 12:0 a.m., 1 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 6, EPSS 0.00011
Exploits 0, References 4

SUSE CVE
added 2026/03/25 12:27 a.m., 3 views

SUSE CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

CVSS 7.3, AI score 6.1, EPSS 0.00065
Exploits 1, References 3

EUVD
added 2026/03/24 6:31 a.m., 3 views

EUVD-2026-14770

Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329...

CVSS 6.4, AI score 5.8, EPSS 0.00018
Exploits 0, References 2

Vulnrichment
added 2026/03/20 12:0 a.m., 2 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

AI score 6, EPSS 0.00097
Exploits 0, References 2

EUVD
added 2026/03/05 6:30 a.m., 5 views

EUVD-2025-208303

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: from n/a through 2.0.1...

CVSS 9.9, AI score 5.9, EPSS 0.00063
Exploits 0, References 2

CNNVD
added 2026/02/18 12:0 a.m., 3 views

The Silver Searcher code issue vulnerability

The Silver Searcher is a code search tool developed by Geoff Greer personally. Versions of the Silver Searcher prior to 2.2.0 contained code-related vulnerabilities, specifically vulnerabilities related to null pointer dereferencing, which could lead to local crashes...

CVSS 4.8, AI score 5.9, EPSS 0.00007
Exploits 0, References 6

OSV
added 2026/02/10 10:15 a.m., 3 views

CVE-2026-23720

A vulnerability has been identified in Simcenter Femap All versions V2512, Simcenter Nastran All versions V2512. The affected applications contain an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the...

CVSS 7.3, AI score 5.9
Exploits 0, References 1

OSV
added 2026/02/05 3:20 a.m., 3 views

GO-2026-4398 WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal

WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

AI score 5.4
Exploits 0, References 3

NVD
added 2026/01/27 10:15 a.m., 5 views

CVE-2026-24830

Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2...

CVSS 9.8, EPSS 0.00083
Exploits 0, References 1

ATTACKERKB
added 2026/01/27 9:28 a.m., 3 views

CVE-2026-24830

Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2...

CVSS 9.8, AI score 5.9, EPSS 0.00083
Exploits 0, References 2

ATTACKERKB
added 2026/01/27 8:36 a.m., 5 views

CVE-2026-24801

Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...

CVSS 6.9, AI score 5.9, EPSS 0.00049
Exploits 0, References 2

OSV
added 2026/01/13 7:21 p.m., 3 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

CVSS 8.7, AI score 6.7, EPSS 0.00025
Exploits 0, References 4

CNNVD
added 2026/01/13 12:0 a.m., 2 views

Jervis security vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of AES IV from passwords, which could lead to cryptographic vulnerabilities...

CVSS 8.7, AI score 5.8, EPSS 0.00025
Exploits 0, References 3

OSV
added 2026/01/08 10:15 a.m., 1 views

CVE-2025-67935

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through 2.4...

CVSS 8.1, AI score 5.8
Exploits 0, References 1

OSV
added 2026/01/07 9:32 p.m., 2 views

CVE-2026-21687 iccDEV has Undefined Behavior in CIccTagCurve::CIccTagCurve()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagCurve::CIccTagCurve. This vulnerability affects users of the iccD...

CVSS 7.1, AI score 6.7, EPSS 0.001
Exploits 1, References 5

EUVD
added 2025/12/25 3:30 p.m., 3 views

EUVD-2025-205376

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting XSS. This issue affects Aidango: before 2.144.4...

CVSS 7.6, AI score 5.4, EPSS 0.00014
Exploits 0, References 2

Cvelist
added 2025/12/25 1:10 p.m., 14 views

CVE-2025-2405 XSS in Verisay Communication's Titarus

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting XSS. This issue affects Titarus: before 2.144.4...

CVSS 7.6, EPSS 0.00014
Exploits 0, References 2