38 matches found
CVE-2026-44720 OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a confusion between UCS-2 typ...
Astra Linux - уязвимость в libsdl2
A potential memory leak issue was discovered in the SDL2 library, specifically in the GLESCreateTexture function within the SDLrendergles.c file. This vulnerability allows an attacker to carry out a denial-of-service attack. The vulnerability affects SDL2 version 2.0.4 and later versions. SDL-1.x...
CVE-2026-5998 zhayujie chatgpt-on-wechat CowAgent API Memory Content Endpoint service.py dispatch path traversal
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. Th...
PT-2026-31854
Name of the Vulnerable Software and Affected Versions zahayujie chatgpt-on-wechat CowAgent versions up to 2.0.4 Description A flaw exists in the function dispatch of the file agent/memory/service.py within the API Memory Content Endpoint component. Manipulation of the filename argument can lead t...
CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011
Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
EUVD-2026-4910
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
EUVD-2025-204332
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...
CVE-2025-64323
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...
EUVD-2025-29687
Malicious code in bioql PyPI...
CVE-2025-8398
The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
La MaraDNS
MaraDNS is a small open-source DNS server. It is an authoritative DNS server that handles recursion using the included "Deadwood" program. The MaraDNS repository contains various files, including a README, CHANGELOG, and Dockerfile, which provide information on how to compile and run MaraDNS, as...
GHSA-67RR-84XM-4C7R Next.JS vulnerability can lead to DoS via cache poisoning
Summary A vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service DoS condition. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to th...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
PT-2025-3205 · Themify · Themify Audio Dock
Name of the Vulnerable Software and Affected Versions: Themify Audio Dock versions n/a through 2.0.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...
WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Themify Audio Dock versions = 2.0.4...
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4...
CVE-2019-25214
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
PT-2024-40433 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue occurs when the parser fails to handle the conversion of an empty string to a SurrealDB value, such as when casting to a record, duration, or datetime, or when parsing an empty string t...