CVE-2026-33638
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, GET /api/allusers is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. ...
PT-2026-26041
Name of the Vulnerable Software and Affected Versions: WebberZone Contextual Related Posts versions prior to 4.2.2 Description: An authorization issue exists in WebberZone Contextual Related Posts due to incorrectly configured access control security levels. This allows for unauthorized access...
jsPDF security vulnerability
jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input by the Acroform module, which could lead to the injection of arbitrary PDF...
CVE-2026-24664
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...
CVE-2026-24669 Open eClass Insecure Password Reset Token Reuse Enables Account Takeover
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...
CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllabl...
CVE-2026-24664
Open eClass (formerly GUnet eClass) is affected prior to version 4.2 by a username enumeration issue where unauthenticated attackers can determine valid accounts by observing differences in login responses. The vulnerability specifically involves the login workflow, including the /login endpoint,...
CVE-2026-24664 Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...
Open eClass security vulnerability
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow unauthenticated remote attackers to acce...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001051)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001051 advisory. The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of...
Nagios Fusion security vulnerability
Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions prior to 4.2.0 that stems from unsanitized user input in the LDAP/AD authentication server configuration and could lead to a stored...
CVE-2025-62058
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality (houzez-theme-functionality). This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. ...
WordPress plugin WP-Optimize security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
PT-2024-29964 · openHAB +1
Name of the Vulnerable Software and Affected Versions: openHAB CometVisu add-on versions prior to 4.2.1 Description: The CometVisuServlet in openHAB's CometVisu add-on is susceptible to an unauthenticated path traversal vulnerability. This issue allows local files on the server to be requested vi...
Zscaler Client Connector security vulnerability
Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2 that stems from improper input validation, which allows operating system command injection...
CVE-2024-23480
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on macOS prior to 4.2...
PT-2024-19266 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypte...