18 matches found

RedhatCVE
added 2026/02/27 4:13 a.m. | 3 views

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 7.2 | AI score 5.7 | EPSS 0.00076
Exploits: 1 | References: 1

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Astro code issue vulnerability

Astro is a content-driven website framework developed by Astro OpenSource. Versions 9.0.0 to 9.5.3 of Astro have code vulnerabilities. These vulnerabilities stem from an issue where the image pipeline bypasses domain name restrictions, potentially leading to server-side request forgery...

CVSS 7.2 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 2

Atlassian
added 2026/02/12 10:27 p.m. | 22 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS (Denial of Service) vulnerability, known as CVE-2025-48976, was introduced in versions 7.19 of Confluence Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 5.4 | EPSS 0.01278
Exploits: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : unbound-1.16.2-3.el9_3.5 (AXSA:2024-7682:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7682:03 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

CVSS 8 | AI score 5.6 | EPSS 0.00111
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/27 8:44 a.m. | 1 views

CVE-2025-60100

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through 9.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1

CVE
added 2025/09/26 8:31 a.m. | 6 views

CVE-2025-60100

CVE-2025-60100 is linked to 8theme XStore for WordPress. The connected documents indicate an unauthenticated, arbitrary shortcode execution vulnerability in XStore versions up to 9.5.3, caused by improper neutralization of script-related HTML tags in a web page (basic XSS). The Wordfence entry li...

CVSS 5.3 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1

Cvelist
added 2025/09/26 8:31 a.m. | 7 views

CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through 9.6...

CVSS 5.3 | EPSS 0.00047
Exploits: 0 | References: 1

Positive Technologies
added 2024/05/26 12:0 a.m. | 3 views

PT-2024-26924 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12; Mattermost versions 9.5.x through 9.5.3; Mattermost versions 9.6.x through 9.6.1. Description: The issue is related to a failure in enforcing proper access controls, allowing users to view arbitrary post...

CVSS 3.1 | AI score 7.1 | EPSS 0.00363
Exploits: 0 | References: 2

Positive Technologies
added 2024/05/26 12:0 a.m. | 2 views

PT-2024-35417 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12; Mattermost versions 9.5.x through 9.5.3; Mattermost versions 9.6.x through 9.6.1. Description: The issue is related to the "custom playbooks playbook run updated" webhook event, where guests on a channel...

CVSS 4.3 | AI score 7.1 | EPSS 0.00278
Exploits: 0 | References: 2

OSV
added 2023/07/25 2:15 p.m. | 0 views

CVE-2023-36503

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin = 9.5.3 versions...

CVSS 5.4 | AI score 7.3
Exploits: 0 | References: 1

CNNVD
added 2023/07/25 12:0 a.m. | 2 views

WordPress plugin MaxButtons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.5 | AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 2

SUSE CVE
added 2023/06/08 2:33 a.m. | 1 views

SUSE CVE-2023-2801

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 7.5 | AI score 9.5 | EPSS 0.00867
Exploits: 0 | References: 11

SUSE CVE
added 2023/02/15 5:41 a.m. | 2 views

SUSE CVE-2013-0626

Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610...

CVSS 10 | AI score 8.2 | EPSS 0.07438
Exploits: 1 | References: 5

CNNVD
added 2021/03/02 12:0 a.m. | 2 views

GLPI security vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 5.8 | AI score 5.6 | EPSS 0.0023
Exploits: 0 | References: 3

Positive Technologies
added 2021/03/02 12:0 a.m. | 3 views

PT-2021-14365 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.3. Description: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI, it was possible to switch entities with IDOR from a...

CVSS 10 | AI score 6.3 | EPSS 0.94395
Exploits: 32 | References: 127

Positive Technologies
added 2020/11/26 12:0 a.m. | 4 views

PT-2020-16754 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3. Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the ajax/comments.php file. This vulnerability allows an attacker to read data from any database table, such as glpi...

CVSS 10 | AI score 6.1 | EPSS 0.94395
Exploits: 32 | References: 129

OSV
added 2020/10/08 7:28 p.m. | 0 views

GHSA-X56P-C8CG-Q435 Open Redirect in Next.js versions

Impact: Affected: Users of Next.js between 9.5.0 and 9.5.3. Not affected: Deployments on Vercel (https://vercel.com) are not affected. Not affected: Deployments using next export. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. Patches...

CVSS 4.7 | AI score 6.4 | EPSS 0.00211
Exploits: 0 | References: 4

RedHat Linux
added 2013/01/10 1:57 a.m. | 1 views

acroread: multiple code execution flaws (APSB13-02)

Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors...

CVSS 10 | AI score 6.2 | EPSS 0.09202
Exploits: 1 | References: 5