95 matches found
CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...
CVE-2021-41027
A stack-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device...
WordPress plugin Recras cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
RHOPHI Analytics LLP Office App-Edit Word security vulnerability
RHOPHI Analytics LLP Office App-Edit Word is a document editing software from RHOPHI Analytics LLP. A security vulnerability exists in RHOPHI Analytics LLP Office App-Edit Word version 6.4.1, which stems from a lack of security checks during the file import process and could lead to directory...
EUVD-2023-36809
Malicious code in bioql PyPI...
EUVD-2023-36810
Malicious code in bioql PyPI...
EUVD-2021-30017
Malicious code in bioql PyPI...
EUVD-2024-52343
Malicious code in bioql PyPI...
EUVD-2023-36805
Malicious code in bioql PyPI...
EUVD-2024-52344
Malicious code in bioql PyPI...
CVE-2025-46047
A user enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
GHSA-CV2M-5PFP-F245 Silverpeas Core Username Enumeration Vulnerability
A user enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
Silverpeas security vulnerability
Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas versions 6.4.1 and 6.4.2, which stems from user...
CVE-2025-49067
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Stored XSS. This issue affects Nasa Core: from n/a through 6.4.1...
CVE-2024-54217
Missing Authorization vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through = 6.4.1...
CVE-2024-55578
Zammad before 6.4.1 places sensitive data such as authmicrosoftoffice365credentials and applicationsecret in log files...
CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1...
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1...
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a researcher at Tenable for finding and reporting. Fixed in version 6.4.1...