16 matches found
SPIP interface_traduction_objets SQL Injection Vulnerability
SPIP interface_traduction_objets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interface_traduction_objets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...
GO-2026-4624 Gokapi has CSRF in Login Endpoint in github.com/forceu/gokapi
Gokapi has CSRF in Login Endpoint in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edi...
GO-2026-4612 Gokapi has Stored XSS in SVG Hotlinks in github.com/forceu/gokapi
Gokapi has Stored XSS in SVG Hotlinks in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
FileRise Cross-Site Scripting Vulnerability
FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.2.3, which stems from improper handling of SVG files and could lead to stored cross-site scripting...
EUVD-2021-11725
Malware in sbrugna...
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...
reNgine Information Disclosure Vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined scouting process supported by an engine, scouting data correlation and organization, continuous monitoring, supported by a database and a...
PT-2024-29436 · Feripro · Feripro
Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3. Description: The issue concerns an Incorrect Access Control vulnerability. It affects the "/admin/programm//export/statistics" endpoint, allowing remote attackers to export an XLSX file containing information...
AdGuard DNS Security Vulnerability
AdGuard DNS is a free, privacy-focused ad-blocking DNS server from AdGuard DNS. A security vulnerability exists in versions prior to AdGuard DNS 2.2 that allows an attacker to cause a denial of service (DoS) via a malformed UDP packet...
DEBIAN-CVE-2023-3012
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2...
jose Security Vulnerability
npm jose is an application from the U.S. company npm. It implements JWA, JWS, JWE, JWT and JWK using the runtime's native encryption, without dependencies. A security vulnerability exists in versions prior to jose 2.2.0, which stems from the presence of a denial-of-service (DoS) vulnerability...
PT-2021-16151 · WordPress · Visual Link Preview
Name of the Vulnerable Software and Affected Versions: Visual Link Preview WordPress plugin versions prior to 2.2.3. Description: The issue allows any authenticated user to call several AJAX actions without proper authorization, due to the CSRF nonce being displayed for all authenticated users. Th...
Magento Code Execution Vulnerability (CNVD-2019-39393)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9 and version 2.3...
YADIFA DNS Packet Parser Denial of Service Vulnerability
YADIFA is a lightweight authoritative name server with DNSSEC capabilities. The DNS packet parser is one of the Domain Name System (DNS) resolvers. A security vulnerability exists in the DNS packet parser in versions of YADIFA prior to 2.2.6, which stems from the program failing to detect the presence o...
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator= self assignment...
DEBIAN-CVE-2010-3903
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code...