Alkacon OpenCMS 代码问题漏洞

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had code vulnerabilities. These vulnerabilities stemmed from the XXE attack on the Chemistry servlet via cmis-online/query, which could allow unauthorized remote attackers ...

PT-2026-39004

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.4.1 through 4.6.33 Description PraisonAI is a multi-agent teams system that exposes optional SQL/CQL-backed knowledge-store implementations. These implementations build table and index identifiers using unvalidated name an...

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a vulnerability related to SQL injection, which arises from improper handling of the parameter txtusername in the file/login.php...

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

CVE-2023-42344

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...

CVE-2023-46453

GL.iNet devices running firmware 4.x (notably 4.3.7 on models such as GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000, GL-SFT1200) are affected by CVE-2023-46453, an authentication bypass in the web interface. The root cause involves a vulnerable authenticati...

CVE-2023-42344

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

emlog SQL注入漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had a SQL injection vulnerability. This vulnerability stemmed from direct SQL injections in the article creation and updating functions, which could allow attackers to execute arbitrary S...

Linux Distros Unpatched Vulnerability : CVE-2026-39825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses...

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from multiple backends passing table prefixes directly into f-string SQL statements, which could lead ...

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

EUVD-2026-28425

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

EUVD-2026-28459

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

DEBIAN-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...