11 matches found
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Size field in JSON metadata at the file import endpoint for size checks, rather than the actual...
frontmcp 代码问题漏洞
FrontMCP is an open-source MCP server development framework based on TypeScript, created by AgentFront. Versions of FrontMCP prior to 2.3.0 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on URL reference resolution, which could lead to server-side...
CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling
muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...
CVE-2025-59833 FlagForgeCTF Hint Exposure via API
Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...
CVE-2025-27559
Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel QAT 代码问题漏洞
Intel QAT software refers to the collection of software components that support Intel QuickAssist technology. A code issue vulnerability exists in Intel QAT software that stems from an uncontrolled search path that can be exploited by an attacker to cause a local elevation of privilege...
CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...
PT-2024-31543
Name of the Vulnerable Software and Affected Versions PHPSpreadsheet versions prior to 1.29.2 PHPSpreadsheet versions prior to 2.1.1 PHPSpreadsheet versions prior to 2.3.0 Description It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XL...
UBUNTU-CVE-2023-0819
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV...
Radexscript CMS 'SEARCH_TERMS' Parameter SQL Injection Vulnerability
Redaxscript is a free content management system CMS based on PHP and MySQL. The system is mainly used for small businesses and private site builders. A SQL injection vulnerability exists in the 'searchpost' function in the includes/search.php script in Redaxscript versions prior to 2.3.0. A remot...
PT-2001-2674 · Isc +3 · Inn2-Inews +8
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 2.3.0 ssh-1 versions prior to 1.2.31 Debian GNU/Linux affected versions not specified Description: The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including...