
15 matches found

CNNVD
added 2026/05/21 12:0 a.m. | 7 views

Netatalk OS Command Injection Vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.1 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...

CVSS 3 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 2
CNNVD
added 2026/05/08 12:0 a.m. | 11 views

Gitroom Postiz Cross-Site Scripting Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...

CVSS 9 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 2
NVD
added 2026/03/24 4:16 p.m. | 3 views

CVE-2026-33668

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV...

CVSS 8.1 | EPSS 0.00453
Exploits 1 | References 6
NVD
added 2026/01/07 12:16 p.m. | 3 views

CVE-2025-14112

The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menustyle' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00297
Exploits 0 | References 4
CVE
added 2025/12/18 4:18 p.m. | 9 views

CVE-2025-64282

CVE-2025-64282 affects the WordPress Radius Blocks plugin (Radius Blocks) up to version 2.2.1. The issue is an Insecure Direct Object Reference (IDOR) that enables an Authorization Bypass via a user-controlled key, due to misconfigured access control. Impact is described as bypassing access con...

CVSS 4.3 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 1
OSV
added 2025/11/24 7:15 p.m. | 3 views

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

CVSS 6.9 | AI score 5.8
Exploits 0 | References 1
Cvelist
added 2025/11/24 6:29 p.m. | 12 views

CVE-2025-13466 body-parser vulnerable to denial of service when url encoding is used

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

CVSS 6.9 | EPSS 0.00342
Exploits 0 | References 1
Patchstack
added 2025/10/07 6:49 a.m. | 5 views

WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Awesome Testimonials versions <= 2.2.1...

CVSS 8.8 | AI score 7 | EPSS 0.00112
Exploits 0 | Affected Software 1
CNNVD
added 2025/10/01 12:0 a.m. | 2 views

ts3-manager Input Validation Error Vulnerability

ts3-manager is a web interface for maintaining the Teamspeak3 server by Jonathan Personal Developer. An input validation error vulnerability exists in ts3-manager version 2.2.1 and earlier, which stems from Unicode tagged characters not being handled correctly during the ASCII conversion process,...

CVSS 7.5 | AI score 6.4 | EPSS 0.00448
Exploits 1 | References 2
Patchstack
added 2024/09/09 12:37 a.m. | 3 views

WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Preloader Plus - WordPress Loading Screen Plugin versions <= 2.2.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.00286
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/08/12 12:0 a.m. | 5 views

J2eeFAST SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free backend framework platform. J2eeFAST 2.2.1 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL...

CVSS 9.8 | AI score 8.7 | EPSS 0.0134
Exploits 1 | References 2
PyPA
added 2020/09/25 7:15 p.m. | 5 views

PYSEC-2020-307

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

CVSS 4.3 | AI score 6.7 | EPSS 0.00684
Exploits 1 | References 4 | Affected Software 1
OSV
added 2020/09/25 6:28 p.m. | 1 views

GHSA-8FXW-76PX-3RXV Memory leak in Tensorflow

Impact: If a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/c/eager/dlpack.cc#L100-L104 The allocated memory is from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00684
Exploits 1 | References 9
Exploit DB
added 2005/10/31 12:0 a.m. | 90 views

Subdreamer 2.2.1 - SQL Injection / Command Execution

#!/usr/bin/perl Subdreamer 2.2.1 command exec exploit. Supported targets: without forum integration, with phpBB2 integration, with ipb2 integration, with vbulletin2 integration...

AI score 7.4
Exploits 0
Packet Storm
added 2003/06/17 12:0 a.m. | 20 views

pMachine.txt

Information: Language: PHP. Version: Free 2.2.1. Website: http://www.pmachine.com. Problem: Include Security Hole. PHP Code/Location: This will work if register_globals is ON OR OFF. /pm/lib.inc.php : ...

AI score 7.4
Exploits 0