9 matches found
CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN...
CVE-2026-24901
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users,...
FileRise Access Control Error Vulnerability
FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. An access control error vulnerability exists in FileRise versions prior to 1.4.0, which stems from a business logic flaw in file or folder handling that could cause a low-privileged user to perform...
CVE-2025-59832
Horilla HRMS prior to version 1.4.0 contains a stored XSS in the ticket comment editor. A low-privilege authenticated user can inject arbitrary JavaScript that runs in an admin’s browser, potentially exfiltrating cookies/CSRF tokens and hijacking the admin session. The issue has been fixed in ver...
AZL-33565 CVE-2022-32149 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-22
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
PT-2021-7470 · Microsoft +1 · Windows Installer +1
Name of the Vulnerable Software and Affected Versions: Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. Description: An Improper Privilege Management issue in the Windows Installer framework used in Juniper Networks Juniper Identity Management Service (JIMS) allows ...
Ruby Parameter Injection Vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...
Web-Stat Information Disclosure Vulnerability
WordPress Web-Stat is an open source WordPress application. It takes all the content that can be detected and presents the results in clear, user-friendly charts and graphs. A security vulnerability exists in Web-Stat versions prior to 1.4.0 that stems from the wts web stat load init function using t...
Helpdesk Pro Plugin SQL Injection Vulnerabilities
Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. A SQL injection vulnerability...