Data Sharing Framework Code Issue Vulnerability
Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained code vulnerabilities. These vulnerabilities stemmed from OIDC authentication sessions not having a maximum...
CVE-2026-28268 Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a...
Multer Security Vulnerability
Multer is an open-source middleware for Node.js developed by ExpressJS. Versions of Multer prior to 2.1.0 contained a security vulnerability, which was caused by improper handling of specially crafted requests, potentially leading to denial-of-service attacks...
CVE-2025-59352
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
CVE-2025-59351 Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0...
CVE-2025-59349 Directories created via os.MkdirAll are not checked for permissions
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...
PT-2025-38274
Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0 Description: Dragonfly, an open source P2P-based file distribution and image acceleration system, is susceptible to a Man-in-the-Middle attack. The scheduler for downloading small files was configured to use th...
Dragonfly Trust Management Issue Vulnerability
Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A trust management issue vulnerability exists in Dragonfly versions prior to 2.1.0 that stems from disabling TLS certificate validation, which could lead to man-in-the-middle attacks and...
PT-2025-4961 · Unknown · Google Map With Fancybox
Name of the Vulnerable Software and Affected Versions: Google Map With Fancybox versions prior to 2.1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-site Scripting XSS. Specifically, it enables Reflected XSS...
foxmarks Security Vulnerability
foxmarks is an extremely fast, highly extensible and easy-to-integrate command-line read-only interface from the individual developer zefr0x. A security vulnerability exists in foxmarks versions prior to v2.1.0, which stems from the presence of insecure privileges that allow a malicious user to read t...
PT-2023-29925 · Kimai · Kimai
Name of the Vulnerable Software and Affected Versions: Kimai versions prior to 2.1.0 Description: Kimai, a web-based multi-user time-tracking application, is vulnerable to a Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a...
modoboa Authorization Issue Vulnerability
modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which arises because /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...
PT-2023-20167 · Apollo · Apollo
Name of the Vulnerable Software and Affected Versions: Apollo versions prior to 2.1.0 Description: A low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmatio...
SUSE CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
PT-2022-18523 · Synology · Synology Storage Analyzer
Name of the Vulnerable Software and Affected Versions: Synology Storage Analyzer versions prior to 2.1.0-0390 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Apache Atlas Cross-Site Scripting Vulnerability (CNVD-2020-52613)
Apache Atlas is a scalable set of core infrastructure governance services that enable organizations to efficiently meet compliance requirements in Hadoop and allow integration with the entire enterprise data ecosystem. A cross-site scripting vulnerability exists in the basic search functionality ...
Joomla jsn gruve directory traversal vulnerability
JoomlaShine is a company that provides free Joomla templates. A directory traversal vulnerability exists in Joomla JSN Gruve Pro versions prior to 2.1.0, which can be exploited by attackers to obtain sensitive information...
Verax NMS Password Disclosure (CVE-2013-1631)
I. BACKGROUND: Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure, enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...