20 matches found

CNNVD
added 2026/05/08 12:00 a.m. · 6 views

wlc cross-site scripting vulnerability

WLC is an open-source command-line client developed by Weblate. Versions of WLC prior to 2.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML output formats that did not escape API response data, which could lead to cross-site scripting attacks...

5.1 CVSS · 5.6 AI score · 0.00039 EPSS
Exploits 0 · References 1
OSV
added 2026/05/05 6:33 p.m. · 1 views

GHSA-GX3V-WXFJ-8H24 Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6 CVSS · 6.3 AI score · 0.00036 EPSS
Exploits 0 · References 4
CNNVD
added 2026/05/05 12:00 a.m. · 6 views

Eclipse BaSyx Java Server SDK path traversal vulnerability

Eclipse BaSyx Java Server SDK is an industrial digital development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path normalization in the Submodel...

10 CVSS · 6.7 AI score · 0.00145 EPSS
Exploits 1 · References 2
CNNVD
added 2026/04/27 12:00 a.m. · 4 views

LogonTracer security vulnerability

LogonTracer is a visual system log analysis tool developed by the Japanese organization JPCERT. This product can detect malicious login attempts by analyzing Windows Active Directory event logs. Versions of LogonTracer prior to 2.0.0 contained security vulnerabilities; these vulnerabilities were...

5.1 CVSS · 6.2 AI score · 0.00038 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/04/21 7:39 p.m. · 4 views

CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...

9.8 CVSS · 5.8 AI score · 0.00098 EPSS
Exploits 1 · References 1
CVE
added 2026/04/14 9:33 p.m. · 7 views

CVE-2026-35196

Chamilo LMS vulnerable to OS Command Injection prior to 2.0.0-RC.3. The flaw resides in the gradebook.ajax.php endpoint (export_all_certificates action), where the course code is taken from $_SESSION['_cid'] via api_get_course_id() and concatenated into a shell_exec() command without sanitization...

8.8 CVSS · 6.2 AI score · 0.00261 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2026/03/12 12:00 a.m. · 3 views

NEXULEAN trust management issue vulnerability

NEXULEAN is a personal work collection and service display platform created by Stalin, a cybersecurity professional. Versions of NEXULEAN prior to 2.0.0 had vulnerabilities related to trust management. These vulnerabilities stemmed from the exposure of Firebase and Web3Forms API keys, allowing...

8.2 CVSS · 5.8 AI score · 0.00078 EPSS
Exploits 0 · References 2
OSV
added 2025/12/26 9:51 p.m. · 5 views

CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...

7.1 CVSS · 6.7 AI score · 0.00017 EPSS
Exploits 0 · References 3
EUVD
added 2025/11/18 6:32 p.m. · 3 views

EUVD-2025-198025

Drupal Simple multi step form allows Cross-Site Scripting...

3.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 0 · References 3
CNNVD
added 2025/09/22 12:00 a.m. · 2 views

Conventional Changelog parameter injection vulnerability

Conventional Changelog is an open source changelog generation tool from the Conventional Changelog project. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not sanitizing or validating user input in the getTags API, which could lead to a parameter...

5.3 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits 0 · References 3
OSV
added 2024/09/27 12:15 p.m. · 1 views

CVE-2024-8607

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/12/19 12:00 a.m. · 2 views

PT-2023-8393 · Nginx-Ui · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx-ui versions prior to 2.0.0.beta.9
Description: The issue is related to the Nginx UI server, where the API exposes certain settings such as test config cmd, reload cmd, and restart cmd, which can be modified by sending a request to the...

9 CVSS · 8.6 AI score · 0.03099 EPSS
Exploits 1 · References 11
Positive Technologies
added 2023/06/16 12:00 a.m. · 3 views

PT-2023-20390 · Joomsky · Joomsky Js Job Manager

Name of the Vulnerable Software and Affected Versions: JoomSky JS Job Manager plugin versions prior to 2.0.0
Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges.
Recommendations: For JoomSky JS Job Manager plugin...

5.9 CVSS · 5.4 AI score · 0.0008 EPSS
Exploits 0 · References 3
CNNVD
added 2023/02/15 12:00 a.m. · 3 views

Adobe Substance 3D Stager security vulnerability

Adobe Substance 3D Stager is a virtual 3D studio from the US company Adobe. A security vulnerability exists in Adobe Substance 3D Stager versions prior to 2.0.0 that originates from an out-of-bounds write and can be exploited by an attacker to cause a memory leak...

5.7 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/12/22 12:00 a.m. · 3 views

PT-2022-28091 · Tss-Lib · Tss-Lib

Name of the Vulnerable Software and Affected Versions: tss-lib versions prior to 2.0.0
Description: The issue concerns a collision of hash values. This collision can potentially lead to security issues, although specific details about exploitation or affected devices are not provided...

9.1 CVSS · 9.1 AI score · 0.00202 EPSS
Exploits 0 · References 15
OSV
added 2022/11/28 2:15 p.m. · 1 views

CVE-2021-25059

The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site, such as a subscriber, to download a full copy of the website...

4.3 CVSS · 5.6 AI score · 0.00409 EPSS
Exploits 1 · References 1
CNNVD
added 2022/05/11 12:00 a.m. · 1 views

IdentityServer4.Admin cross-site scripting vulnerability

IdentityServer4.Admin is an administration interface for IdentityServer4 and ASP.NET Core Identity by Jan Škoruba, a Czech individual developer. A security vulnerability exists in IdentityServer4.Admin versions prior to 2.0.0, which can be exploited by an attacker to conduct cross-site scripting (XSS) attacks...

6.1 CVSS · 6 AI score · 0.00223 EPSS
Exploits 1 · References 2
OSV
added 2020/05/07 8:15 p.m. · 0 views

UBUNTU-CVE-2020-11047

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0...

5.9 CVSS · 7.2 AI score · 0.00099 EPSS
Exploits 1 · References 4
Positive Technologies
added 2020/02/14 12:00 a.m. · 2 views

PT-2020-10459 · Heartland & Global Payments · Heartland & Global Payments Php Sdk

Name of the Vulnerable Software and Affected Versions: Heartland & Global Payments PHP SDK versions prior to 2.0.0
Description: The issue concerns the failure to enforce SSL certificate validations in the Gateways/Gateway.php file. This could potentially lead to security risks, as it may allow fo...

5.9 CVSS · 5.5 AI score · 0.00376 EPSS
Exploits 1 · References 10
CNVD
added 2018/02/27 12:00 a.m. · 1 views

GNU libcdio 'get_cdtext_generic()' function double free vulnerability

GNU libcdio is a CD-ROM input and control library that provides functions for accessing CD-ROMs and CD images. A security vulnerability exists in the 'get_cdtext_generic()' function in the lib/driver/_cdio_generic.c file in GNU libcdio versions prior to 2.0.0. A local attacker can exploit...

9.8 CVSS · 6.5 AI score · 0.0045 EPSS
Exploits 0 · References 1