15095 matches found
PT-2026-39489
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts v...
PT-2026-39488
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts...
PT-2026-39493
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...
PT-2026-39478
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...
Linux Distros Unpatched Vulnerability : CVE-2026-45184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. CVE-2026-45184 Note that Nessus relies on the presen...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
DEBIAN-CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
UBUNTU-CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive has a vulnerability in versions prior to 26.04.1 where dangerous proxy parameters can be introduced via an attacker-controlled project file. The issue affects handling of proxies within the project file, with potential impacts to confidentiality and integrity (per CVSS: LOCAL, HIGH impac...
SUSE CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
SUSE CVE-2026-43135
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params. In error path, add cx23885_alsa_dma_unmap to release the resource acquired by cx23885_alsa_dma_map...
CVE-2025-63704
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...
Wavlink NU516U1 Command Injection Vulnerability
Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability stems from the direct passing of parameters pppusername/ppppasswd/rwanip/rwanmask/rwangateway through the wan function in...
Kdenlive Security Vulnerability
Kdenlive is a video editing software from the Kdenlive organization that supports multi-track editing with rich effects processing. A security vulnerability exists in Kdenlive versions prior to 26.04.1 that stems from allowing dangerous proxy parameters when using an attacker-controlled project...
PT-2026-39422
Name of the Vulnerable Software and Affected Versions: Kdenlive versions prior to 26.04.1. Description: An issue exists where the software allows the injection of dangerous proxy parameters when a project file controlled by an attacker is used. Recommendations: Update to version 26.04.1...