22 matches found
CVE-2026-42454
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...
CVE-2026-25569
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...
EUVD-2023-43737
Malicious code in bioql PyPI...
CVE-2025-59346
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...
Dragonfly 安全漏洞
Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from a hard-coded use of the HTTP protocol instead of HTTPS when downloading small files in the scheduler...
CVE-2019-17220
Rocket.Chat before 2.1.0 allows XSS via a URL on a !title line...
CVE-2024-7071
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...
Brain Low-Code SQL注入漏洞
Brain Low-Code is a software development platform from Brain Low-Code that requires little to no coding to build applications and processes. An SQL injection vulnerability exists in versions of Brain Low-Code prior to 2.1.0. No information about this vulnerability is available at this time, so st...
CVE-2023-51414
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1...
CVE-2023-0588
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
CVE-2023-1267 SQLi in Ulkem Company's PtteM Kart
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1...
SUSE CVE-2013-6369
Stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted image file...
UBUNTU-CVE-2022-43440
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable...
Mellivora 跨站脚本漏洞
Mellivora is a CTF engine written in PHP by the individual developer Nakiami. A cross-site scripting vulnerability exists in Mellivora versions prior to 2.1.x. The vulnerability stems from an incorrect manipulation of a parameter that leads to a cross-site scripting vulnerability...
EOS 缓冲区错误漏洞
EOS is an open source smart contract platform from the EOSIO community. A buffer error vulnerability exists in EOS that stems from the txntestgenplugin function containing a heap-based buffer overflow. The vulnerability affects the following products: EOS versions prior to v2.1.0...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-20834
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
Apache Syncope Code Injection Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. A code injection vulnerability exists in Apache Syncope versions prior to...
Magento Code Execution Vulnerability (CNVD-2019-39393)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9 and version 2.3...
PT-2019-19002 · Advancecomp +4 · Advancecomp +4
Name of the Vulnerable Software and Affected Versions: AdvanceCOMP versions prior to 2.1 Description: An issue was discovered that can cause an invalid memory address to occur in the adv png unfilter 8 function in lib/png.c. This can be triggered by sending a crafted file to a binary, allowing an...