
27 matches found

EUVD
added 2026/04/16 10:29 p.m. · 0 views

EUVD-2026-23241

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits: 1 · References: 4

Cvelist
added 2026/04/16 1:56 p.m. · 23 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

CVSS 7.4 · EPSS 0.00069
Exploits: 0 · References: 2

Vulnrichment
added 2026/04/16 1:44 p.m. · 1 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits: 1 · References: 3

RedhatCVE
added 2025/11/07 5:32 p.m. · 1 views

CVE-2025-53574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ptibogxiv Doliconnect doliconnect allows Reflected XSS. This issue affects Doliconnect: from n/a through = 9.3.2...

CVSS 7.1 · AI score 6.4 · EPSS 0.00031
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-2673

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.2 · EPSS 0.03921
Exploits: 0 · References: 8

NVD
added 2025/09/03 6:15 a.m. · 2 views

CVE-2025-21040

Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...

CVSS 5.1 · EPSS 0.00029
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/03 12:0 a.m. · 1 views

PT-2025-35694

Name of the Vulnerable Software and Affected Versions: S Assistant versions prior to 9.3.2 Description: Improper verification of intent by ExternalBroadcastReceiver in S Assistant allows local attackers to modify itinerary information. Recommendations: Update S Assistant to version 9.3.2 or later...

CVSS 5.1 · AI score 6.1 · EPSS 0.00029
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 3:38 p.m. · 3 views

CVE-2020-5284

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory .next. This does not affect files outside of the dist directory .next. In general, the dist directory only holds build assets unless your applicatio...

CVSS 5 · AI score 6.5 · EPSS 0.79833
Exploits: 0

CNNVD
added 2025/01/09 12:0 a.m. · 3 views

Drupal security vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Monster Menus prior to version 9.3.2, which stems from the inclusion of an authorization error vulnerability...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-9365 · Splunk · Splunk Secure Gateway App +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Secure Gateway app versions prior to 3.4.261 Splunk Secure Gateway app versions prior to 3.7.13 Description:...

CVSS 9 · AI score 7.8 · EPSS 0.04099
Exploits: 0 · References: 22

CNNVD
added 2024/08/12 12:0 a.m. · 1 views

Concrete CMS cross-site scripting vulnerability

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A cross-site scripting vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.2, which stems from vulnerability to stored cross-site scripting attacks...

CVSS 4.8 · AI score 5.8 · EPSS 0.01111
Exploits: 0 · References: 3

Vulnrichment
added 2024/08/08 4:31 p.m. · 13 views

CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

CVSS 4.6 · AI score 4.8 · EPSS 0.03921
Exploits: 0 · References: 4

OSV
added 2023/07/13 1:15 a.m. · 2 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

CVSS 8.8 · AI score 6.1 · EPSS 0.90578
Exploits: 2 · References: 3

NVD
added 2023/07/13 1:15 a.m. · 11 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · EPSS 0.0028
Exploits: 0 · References: 2

Prion
added 2023/07/13 1:15 a.m. · 24 views

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

CVSS 6.5 · AI score 9.5 · EPSS 0.90578
Exploits: 2 · References: 3 · Affected Software: 2

Positive Technologies
added 2023/07/12 12:0 a.m. · 1 views

PT-2023-3806 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the exposure of sensitive information to unauthorized actors in SonicWall GMS and Analytics, allowing an...

CVSS 5.3 · AI score 5.4 · EPSS 0.00516
Exploits: 0 · References: 8

Positive Technologies
added 2023/07/12 12:0 a.m. · 1 views

PT-2023-3799 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue allows an authenticated attacker to read the administrator password hash via a web service call, due to exposure of...

CVSS 6.8 · AI score 7 · EPSS 0.00433
Exploits: 0 · References: 9

OpenVAS
added 2022/08/08 12:0 a.m. · 11 views

DNN (DotNetNuke) <= 9.3.2 XSS Vulnerability

DNN (formerly DotNetNuke) is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 6.1 · AI score 6 · EPSS 0.38668
Exploits: 6 · References: 4

Vulnrichment
added 2022/06/13 1:8 p.m. · 12 views

CVE-2022-1768 RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

CVSS 9.8 · AI score 7.1 · EPSS 0.86134
Exploits: 3 · References: 4

Positive Technologies
added 2022/06/13 12:0 a.m. · 4 views

PT-2022-14100

Name of the Vulnerable Software and Affected Versions carrcommunications rsvpmaker versions 9.3.2 and earlier Description An unauthenticated SQL injection flaw exists in the rsvpmaker-email.php file. This allows for database extraction with minimal barriers to access. It is estimated that over...

CVSS 9.8 · AI score 7.2 · EPSS 0.86134
Exploits: 3 · References: 12