19 matches found

EUVD
added 2026/05/05 12:40 p.m., 5 views

EUVD-2026-27313

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

CVSS 6.5, AI score 5.8, EPSS 0.00251
Exploits: 1, References: 3
Positive Technologies
added 2026/04/16 12:0 a.m., 5 views

PT-2026-39183

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: Multiple tool implementations bypass the centralized HTTP security wrapper httpSecurity.ts, which is designed to provide Server-Side Request Forgery (SSRF) protections through deny-list validation, IP...

CVSS 5.3, AI score 5.8, EPSS 0.00396
Exploits: 1, References: 4
OSV
added 2026/04/06 8:16 p.m., 0 views

UBUNTU-CVE-2026-35172

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

CVSS 7.5, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 3
EUVD
added 2026/02/27 7:33 p.m., 5 views

EUVD-2026-9054

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

CVSS 5.4, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 3
NVD
added 2026/02/24 10:16 p.m., 4 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, EPSS 0.00396
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-8230

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.01672
Exploits: 1, References: 3
RedhatCVE
added 2025/05/22 8:43 p.m., 4 views

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

CVSS 7.5, AI score 6.9, EPSS 0.0128
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:3 p.m., 10 views

CVE-2020-5266

In the pslink module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0...

CVSS 5.4, AI score 5.8, EPSS 0.00638
Exploits: 0
CNNVD
added 2024/01/11 12:0 a.m., 3 views

DeShang DSShop Access Control Error Vulnerability

DeShang DSShop is a single-store mobile mall online store system from DeShang, China. The access control error vulnerability exists in DeShang DSShop prior to version 3.1.0. The vulnerability stems from the file public/install.php of the component HTTP GET Request Handler, which results in...

CVSS 9.8, AI score 6.8, EPSS 0.00809
Exploits: 0, References: 4
OSV
added 2023/10/25 6:17 p.m., 3 views

CVE-2023-26583

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.1, AI score 5.8, EPSS 0.00552
Exploits: 0, References: 1
OSV
added 2023/10/25 6:17 p.m., 2 views

CVE-2023-27260

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.1, AI score 5.8, EPSS 0.00552
Exploits: 0, References: 1
CNNVD
added 2023/07/20 12:0 a.m., 2 views

WordPress Plugin TS Webfonts for SAKURA Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.1, AI score 6.5, EPSS 0.00482
Exploits: 0, References: 4
Vulnrichment
added 2023/01/02 9:49 p.m., 5 views

CVE-2022-4057 Autoptimize < 3.1.0 - Sensitive Data Disclosure

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs...

AI score 5.3, EPSS 0.0146
Exploits: 1, References: 1
CNNVD
added 2022/11/21 12:0 a.m., 1 views

WordPress plugin Easy Digital Downloads Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...

CVSS 9.8, AI score 7.2, EPSS 0.01218
Exploits: 2, References: 2
CNNVD
added 2022/09/29 12:0 a.m., 3 views

Zyxel CloudCNM SecuManager Security Vulnerability

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, which originates from ...

CVSS 5.3, AI score 5.7, EPSS 0.00572
Exploits: 1, References: 3
CNNVD
added 2022/03/29 12:0 a.m., 4 views

Jenkins Bitbucket Server Integration Plugin Permission and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software. Jenkins Bitbucket Server...

CVSS 5.5, AI score 5.6, EPSS 0.00642
Exploits: 0, References: 5
Vulnrichment
added 2022/02/09 12:0 a.m., 1 views

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

AI score 6.3, EPSS 0.08325
Exploits: 1, References: 7
CNVD
added 2020/12/23 12:0 a.m., 2 views

IBM Financial Transaction Manager Authorization Issues Vulnerability

IBM Financial Transaction Manager for High Value Payments for Multi-Platform (FTM HVP) is a financial transaction manager for multi-platforms from IBM, USA. The product is primarily used to monitor, track and report on financial payments and transactions. An authorization issue vulnerability exists...

CVSS 6.3, AI score 6.6, EPSS 0.00755
Exploits: 0, References: 1
CNVD
added 2017/11/01 12:0 a.m., 1 views

YxtCMF v3.1.0 SQL Injection Vulnerability in Frontend ShitiController.class.php Page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 has a SQL injection vulnerability in the frontend ShitiController.class.php page. An attacker can exploit this vulnerability to obtain sensitive...

AI score 7.6
Exploits: 0