19 matches found
CVE-2026-43890
The CVE-2026-43890 issue in Outline affects the subscriptions.create API (server/routes/api/subscriptions/subscriptions.ts) from versions 0.84.0–1.7.0. When a request provides both collectionId and documentId, the route authorizes only the collection branch (if (collectionId)), while the downstre...
CVE-2026-41654
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...
CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...
PT-2026-26369
Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs wi...
CVE-2026-1713
IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD...
CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg file...
CVE-2026-26076
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
EyouCMS 安全漏洞
EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS v1.7.1, which originates from XML external entity injection and could lead to a denial of service attack...
EUVD-2025-38027
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through = 1.7.1...
PT-2025-34514 · WordPress · Shortcodehub
Name of the Vulnerable Software and Affected Versions: ShortcodeHub plugin for WordPress versions up to and including 1.7.1 Description: The ShortcodeHub plugin for WordPress is susceptible to Stored Cross-Site Scripting via the author link target parameter due to insufficient input sanitization...
ALPINE-CVE-2024-23337
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Display Template Name versions = 1.7.1...
WordPress plugin Metorik 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
AZL-49173 CVE-2024-46674 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...
DEBIAN-CVE-2023-50246
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...
PT-2022-13368 · Archivy · Archivy
Name of the Vulnerable Software and Affected Versions: archivy versions prior to 1.7.0 archivy versions prior to 1.7.1 Description: The issue is an Open Redirect in the GitHub repository archivy/archivy. Recommendations: For versions prior to 1.7.0, update to version 1.7.0 or later. For versions...
ABB CMS-770 Authentication Bypass Vulnerability
The CMS-770 is a multi-loop monitoring system from ABB for monitoring branch circuits in electrical systems. An authentication bypass vulnerability exists in ABB CMS-770 version 1.7.1 and earlier. An attacker could exploit the vulnerability to read sensitive configuration files, which could be us...
Zulip Server invitation system unauthorized operation vulnerability
Zulip Server is a set of open source group chat application written in Python based on the Django framework. invitation system is one of the invitation system . A security vulnerability exists in the invitation system in Zulip Server versions prior to 1.7.1. An attacker can exploit this...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity of protected information.
The vulnerability of the git-1.7.1 package for the Red Hat Enterprise Linux operating system can lead to a breach of protected information. This vulnerability can be exploited remotely...