CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

WordPress Gianism plugin < 5.2.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez in WordPress Plugin Gianism versions 5.2.1...

Opswat Metadefender Core 安全漏洞

OPSWAT MetaDefender Core OPSWAT MDCore is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in Opswat Metadefender Core versions...

PT-2024-12055 · Opswat · Opswat Metadefender Core

Name of the Vulnerable Software and Affected Versions: Opswat Metadefender Core versions prior to 5.2.1 Description: The issue concerns a failure to properly defend against potential HTML injection and XSS attacks. Recommendations: For versions prior to 5.2.1, update to version 5.2.1 or later to...