32 matches found
SUSE CVE-2026-38978
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...
EUVD-2026-33971
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...
CVE-2026-42585
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
Apache Kafka 安全漏洞
Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. Versions 4.1.0 and...
CVE-2026-32629
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTERVALIDATEEMAIL accepts this...
CVE-2026-34973 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses realescapestring via escape to sanitize the search term before embedding it in LIKE clauses. However, realescapestring does not escape SQL LIKE...
CVE-2026-34729 phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes. This issue has been patched in version 4.1.1...
CVE-2026-34728 phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...
PT-2026-29784
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real escape string via escape to sanitize the search term before embedding it in LIKE clauses. However, real escape string does not escape SQL LIKE...
GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...
CVE-2026-24875 Integer overflow in modizer
Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1...
Knock Subdomain Scan security vulnerability
Knock Subdomain Scan is a domain name scanning tool developed by Gianni Amato. Version 4.1.1 of Knock Subdomain Scan contains a security vulnerability, which stems from unfiltered server headers, potentially allowing for CSV injection attacks...
Juniper Networks Paragon Automation security vulnerabilities
Juniper Networks Paragon Automation is an automation and operations platform provided by the American company Juniper Networks. Versions of Juniper Networks Paragon Automation prior to 24.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of appropriate...
DEBIAN-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
EUVD-2025-175314
js-yaml has prototype pollution in merge...
EUVD-2025-25137
Malicious code in bioql PyPI...
CVE-2025-48101
CVE-2025-48101 describes a PHP object injection vulnerability in the WordPress plugin “Constant Contact for WordPress” (up to version 4.1.1). The issue arises from deserializing untrusted data, enabling object injection. Public data (NVD/Red Hat/Wordfence/Patchstack/PT-Security) confirms the affe...
CVE-2023-23660
Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...
FreeRTOS-Plus-TCP Security Vulnerability
FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP versions prior to 4.1.1 that stems from a buffer over-read in the DNS response parser...
Mattermost Server does not neutralize HTML content in an Email template field
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...