24 matches found

Cvelist
added 2026/06/05 6:18 p.m., 29 views

CVE-2026-46391 HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

CVSS 8.7, EPSS 0.00457
Exploits 0, References 1
vulnersOsv
added 2026/04/07 3:30 p.m., 1 view

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +33 more potentially affected by CVE-2026-33033 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-33033 Source advisory: OSV:GHSA-5MF9-H53Q-7MHQ...

CVSS 6.5, AI score 5.4, EPSS 0.00689
Exploits 1
Positive Technologies
added 2026/03/27 12:00 a.m., 4 views

PT-2026-28623

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The get api video file and get api video API endpoints do not verify video passwords for password-protected videos. This allows an unauthenticated...

CVSS 5.3, AI score 5.9, EPSS 0.00376
Exploits 1, References 8
CNNVD
added 2026/03/27 12:00 a.m., 6 views

WWBN AVideo security vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the getapivideopasswordiscorrect API endpoint, which allowed any unverified user to validate...

CVSS 5.3, AI score 5.8, EPSS 0.0032
Exploits 1, References 2
Fedora
added 2025/10/30 4:36 a.m., 6 views

[SECURITY] Fedora 42 Update: python-pyqt6-6.9.0-5.fc42

PyQt6 is Python bindings for Qt6...

CVSS 9.4, AI score 7, EPSS 0.00199
Exploits 0
CNNVD
added 2025/10/03 12:00 a.m., 3 views

HCL MyXalytics security vulnerability

HCL MyXalytics is an analytics software product from HCL India. It is used to perform data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics version 6.6 that stems from the use of a vulnerable or outdated version...

CVSS 4.8, AI score 6.8, EPSS 0.00177
Exploits 0, References 1
CVE
added 2025/09/10 6:38 a.m., 16 views

CVE-2025-9979

CVE-2025-9979 concerns the Maspik WordPress plugin (versions up to 2.5.6). The root cause is missing capability checks in the Maspik_spamlog_download_csv function, enabling authenticated users with subscriber-level access and above to export the spam log database, which may contain misclassified ...

CVSS 4.3, AI score 5.3, EPSS 0.0023
Exploits 0, References 4
OSV
added 2025/04/27 9:34 p.m., 2 views

GHSA-MVWQ-HCRJ-F5X9 Apereo CAS has inefficient regular expression complexity

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 5.3, AI score 5, EPSS 0.00496
Exploits 0, References 6
CNNVD
added 2025/03/15 12:00 a.m., 2 views

changed-files security vulnerability

changed-files is tj-actions open source for keeping track of all changed files and directories associated with a target branch, previous commits, or relative paths returned from the project root for the last remote commit. A security vulnerability exists in versions prior to changed-files v46,...

CVSS 8.6, AI score 8.9, EPSS 0.41008
Exploits 2, References 20
CNNVD
added 2025/02/26 12:00 a.m., 4 views

Buffer error vulnerability in multiple Canon products

Canon Generic PCL6 V4 Printer Driver and others are products of Canon Japan. Canon Generic PCL6 V4 Printer Driver is a Canon Generic PCL6 V4 printer driver. Canon Generic UFR II V4 Printer Driver is a Canon Generic UFR II V4 printer driver. Canon Generic LIPSLX V4...

CVSS 5.3, AI score 9, EPSS 0.00575
Exploits 0, References 2
Positive Technologies
added 2023/12/26 12:00 a.m., 3 views

PT-2023-31487 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page. This could allow an arbitrary...

CVSS 5.4, AI score 5.3, EPSS 0.00303
Exploits 0, References 6
NCSC
added 2023/12/19 12:00 a.m., 2 views

Vulnerability fixed in OpenSSH

A vulnerability has been fixed in OpenSSH. A malicious party could potentially use a Man-in-the-Middle attack to weaken the connection between a client and server and thus gain access to the data transmitted over this connection. This Man-in-the-Middle attack has been given the name "Terrapin...

CVSS 6.8, AI score 6.6, EPSS 0.93305
Exploits 4
SUSE CVE
added 2023/02/15 5:20 a.m., 2 views

SUSE CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

CVSS 6.1, AI score 6.1, EPSS 0.01376
Exploits 0, References 3
ATTACKERKB
added 2022/06/02 6:15 p.m., 3 views

CVE-2022-1982

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post...

CVSS 6.5, AI score 6.6, EPSS 0.00838
Exploits 0, References 2, Affected Software 1
OSV
added 2021/09/07 1:15 p.m., 3 views

CVE-2019-5318

A remote cross-site request forgery csrf vulnerability was discovered in Aruba Operating System Software versions: 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability...

CVSS 6.5, AI score 6.6
Exploits 0, References 2
OSV
added 2019/03/28 5:29 p.m., 0 views

UBUNTU-CVE-2019-5737

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service DoS by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...

CVSS 7.5, AI score 6.8, EPSS 0.16184
Exploits 0, References 4
CNVD
added 2019/03/22 12:00 a.m., 4 views

Unspecified Vulnerability in Mozilla Firefox (CNVD-2019-08532)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 66, which originated when a document sent over an FTP connection could be injected into an alert. The vulnerability can be exploited ...

CVSS 4.3, AI score 8.7, EPSS 0.00791
Exploits 1, References 1
OSV
added 2018/08/29 1:29 p.m., 3 views

DEBIAN-CVE-2018-1318

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server ATS 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrad...

CVSS 7.5, AI score 7.2, EPSS 0.07724
Exploits 0, References 1
CNVD
added 2018/03/16 12:00 a.m., 1 view

Buffer Overflow Vulnerability in 2345 Security Guard

2345 is a network software that protects the user's safety on the Internet. A buffer overflow vulnerability exists in the NetFirewall.sys driver file in version 3.6 of 2345 Security Guard, which can be exploited by an attacker to send very long data resulting in arbitrary code execution...

AI score 8.4
Exploits 0
OSV
added 2017/09/13 4:29 p.m., 2 views

UBUNTU-CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

CVSS 6.1, AI score 6.5, EPSS 0.01376
Exploits 0, References 4