7 matches found
CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...
CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...
Netgate pfSense CE 跨站脚本漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...
PT-2025-4730 · WordPress · Wp Custom Countdown
Name of the Vulnerable Software and Affected Versions: wp custom countdown versions prior to 2.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicious...
Autolab 跨站脚本漏洞
Autolab is a course management service. It supports automatically graded programming assignments. A cross-site scripting vulnerability exists in Autolab versions prior to 2.8.0. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...
Solidus Input Validation Error Vulnerability
Solidus is an open source e-commerce system. An input validation error vulnerability exists in Solidus versions prior to 2.8.6, prior to 2.9.6, and prior to 2.10.2. The vulnerability stems from a network system or product that does not properly validate incoming data. No detailed vulnerability...
DEBIAN-CVE-2019-11555
The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...