9 matches found

Positive Technologies
added 2026/06/02 12:0 a.m. · 11 views

PT-2026-45685

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1 CVSS · 4.1 AI score · 0.00237 EPSS
Exploits 0 · References 10

Vulnrichment
added 2026/06/01 11:45 p.m. · 8 views

CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8 CVSS · 4.1 AI score · 0.00251 EPSS
Exploits 0 · References 9

Cvelist
added 2026/04/02 6:15 p.m. · 20 views

CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...

5.8 CVSS · 0.00218 EPSS
Exploits 0 · References 5

Snyk
added 2025/12/12 9:47 a.m. · 5 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via insecure Hessian deserialization in the PD store. An attacker can execute arbitrary code by sending maliciously crafted data from a compromised or rogue Raft node. Details: Serialization is a process...

8.8 CVSS · 7.7 AI score · 0.00793 EPSS
Exploits 0 · References 2

Snyk
added 2025/11/07 11:46 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

6 CVSS · 5.4 AI score · 0.00308 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/11/06 12:0 a.m. · 3 views

PT-2025-45513

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.7.0-beta.0 Description: KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance (VMI) by creating a...

5.3 CVSS · 5.5 AI score · 0.00317 EPSS
Exploits 1 · References 21

Positive Technologies
added 2023/05/22 12:0 a.m. · 6 views

PT-2023-23128 · Portswigger +1 · Burp Suite +1

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.2.0 through 1.6.0 Description: This issue is related to improper privilege management. When an attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login...

9.8 CVSS · 6.8 AI score · 0.01289 EPSS
Exploits 0 · References 8

Positive Technologies
added 2021/10/21 12:0 a.m. · 2 views

PT-2021-23142 · Snudown · Snudown

Name of the Vulnerable Software and Affected Versions: Snudown versions prior to 1.7.0 Description: Snudown, a reddit-specific fork of the Sundown Markdown parser, is vulnerable to denial of service attacks due to its reference table implementation. The hash table used for references written in...

6.5 CVSS · 6.2 AI score · 0.00882 EPSS
Exploits 1 · References 7

Snyk
added 2021/03/05 5:5 p.m. · 2 views

Arbitrary Code Injection

Overview: xmlhttprequest is a wrapper for the built-in http client to emulate the browser XMLHttpRequest object. Affected versions of this package are vulnerable to Arbitrary Code Injection. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.sen...

8.1 CVSS · 7.4 AI score · 0.04608 EPSS
Exploits 2 · References 2