7 matches found
CVE-2026-43938
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...
CVE-2025-66003 Local users can perform a local root exploit via smb4k mounthelper
An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5...
PT-2024-5612 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.0.5. Description: The issue is related to an open redirect vulnerability in the authentication view of Mobile Security Framework (MobSF), a security research platform for mobile applications...
CVE-2023-46693
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
GHSA-GG42-MWR6-P82C Mattermost Server has intermittent Authorization bypass for resource-owners
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Resource-owner authorization can be intermittently bypassed, allowing account takeover...
CVE-2022-26847
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects...
SPIP Security Vulnerability
SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. A security vulnerability exists in SPIP versions prior to 3.2.14 and 4.x through 4.0.5 that could allow an attacker to remotely execute arbitrary code...