21 matches found
DiceBear Security Vulnerability
DiceBear is an open-source random avatar generation library developed by DiceBear. Versions prior to DiceBear 9.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the regular expression-based SVG attribute rewriting logic in the ensureSize function, which could be exploite...
CVE-2022-38291
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...
CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
PT-2025-31998 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.4.2 Description: Concrete CMS versions 9 through 9.4.2 are susceptible to Stored Cross-Site Scripting (XSS) originating from the Home Folder on the Members Dashboard page. A malicious administrator could...
PT-2024-20408 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.9 Mattermost versions 9.2.x through 9.2.5 Mattermost versions 9.3.x through 9.3.1 Mattermost versions 9.4.x through 9.4.2 Description: The issue allows an authenticated attacker to crash the client...
CVE-2023-22637
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated...
Authentication flaw
A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...
K6736: OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
PT-2022-26870 · Unknown · Senayan Library Management System
Name of the Vulnerable Software and Affected Versions: Senayan Library Management System version 9.4.2 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the collType parameter at the "loan by class.php" endpoint. Recommendations: For Senayan Library...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code for attendance and automatic generation of library card by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management System version v9.4.2, which was discovered to contain an SQL injection...
Library Management System Cross-Site Scripting Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Library Management System version v9.4.2, which was discovered to contain a cross-site scripting (XSS)...
PT-2022-26869 · Unknown · Senayan Library Management System
Name of the Vulnerable Software and Affected Versions: Senayan Library Management System version 9.4.2 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was found in the component pop chart.php. Recommendations: For Senayan Library Management System...
Slims9 Bulian Code Issue Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in Slims9 Bulian version v9.4.2, which originates fr...
Slims9 Bulian SQL Injection Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. Slims9 Bulian suffers from a SQL injection vulnerability that originates from a SQL...
Amazon Pay Plugin Information Disclosure Vulnerability
Amazon Pay Plugin is an online payment plugin from Amazon.com, Inc. Amazon Pay Plugin before 9.4.2 suffers from an information disclosure vulnerability that originates from exposing sensitive information for Shopware...
Larson Network Print Server 9.4.2 build 105 (LstNPS) Logging Function USEP Command Remote Format String
No description provided by source. source: http://www.securityfocus.com/bid/27732/info Larson Software Technology Network Print Server is prone to a format-string vulnerability and a buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code within the context o...
SuSE 11.1 Security Update : acroread (SAT Patch Number 4057)
Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586...
SuSE 11.1 Security Update : acroread_ja (SAT Patch Number 4058)
Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586...
Larson Network Print Server 9.4.2 build 105 - LstNPS Logging Function USEP Command Remote Format String
Larson Network Print Server 9.4.2 build 105 - LstNPS Logging Function USEP Command Remote Format String source: https://www.securityfocus.com/bid/27732/info Larson Software Technology Network Print Server is prone to a format-string vulnerability and a buffer-overflow vulnerability. An attacker c...
SOL7544 - Full-width and half-width Unicode encoded data bypasses IDS/IPS security controls, VU #739224
Unicode is a system for encoding characters of a character set, which is used in networked applications. IDS/IPS or other security devices may fail to decode and recognize the characters that represent an attack if encoded in Unicode, and pass the characters to a target device. If the target devi...