17 matches found
CVE-2025-13593
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2026-26220
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD prefill-decode disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads without authentication or validation. A...
PT-2026-2284
Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF versions prior to 1.1.0 Description: The USB Host HID (Human Interface Device) Driver in ESP-IDF allows access to HID devices. A flaw exists in the usb class request get descriptor function where it frees and reallocates hid...
CVE-2025-62716
Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?nextpath query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...
CVE-2025-8627 Unauthenticated Protocol Commands on TP-Link KP303
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 US Smartplug: before 1.1.0...
CVE-2025-55150
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...
PT-2025-32596
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when utilizing the...
RDS Light Security Vulnerability
RDS Light is an artificial intelligence framework open-sourced by RDS ai. A security vulnerability exists in RDS Light versions prior to 1.1.0 that stems from a lack of input validation. An attacker exploiting this vulnerability could inject malicious commands, corrupt stored data, or affect API...
PT-2024-23578 · Wpbeginner · Last Viewed Posts By Wpbeginner
Name of the Vulnerable Software and Affected Versions: The Last Viewed Posts by WPBeginner plugin for WordPress versions prior to 1.1.0, or more specifically, version 1.0.0 and earlier. Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted...
PT-2024-40134 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.1.0 Description: The issue arises when the SurrealQL parser attempts to recursively parse nested statements or idioms without checking the established depth limit, potentially leading to a stack overflow. An...
PT-2023-23721 · Unknown · Cloudexplorer Lite
Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...
PT-2023-22775 · Red Hat +1 · Red Hat +1
Name of the Vulnerable Software and Affected Versions: Apptainer versions prior to 1.1.0; Apptainer versions 1.1.0 through 1.1.7 with apptainer-suid versions prior to 1.1.8 Description: Apptainer is an open source container platform for Linux that contains an ext4 use-after-free flaw. This flaw ca...
PT-2023-32971 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.1.0 Description: A double-free issue exists where a malicious PEM file with 0 bytes of payload data can cause a crash when parsed. This occurs because the file points to already freed memory, which when freed again...
java-merge-sort Security Vulnerability
java-merge-sort is a basic standalone disk-based N-way merge-sort component for Java. A security vulnerability exists in java-merge-sort versions prior to 1.1.0, which stems from an insecure temporary file vulnerability in the StdTempFileProvider function in StdTempFileProvider.java, which allows...
CVE-2021-32969
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code...
Apache Ozone Access Control Error Vulnerability
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization issue vulnerability exists in Apache Ozone Cluster versions prior to 1.1.0 related to the affected version allowing access to keys and buckets via curl commands or...
ALPINE-CVE-2016-6303
Integer overflow in the MDC2Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors...