18 matches found
WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin NEX-Forms versions <= 9.1.11...
SUSE CVE-2026-1707
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...
[SECURITY] Fedora 43 Update: pgadmin4-9.11-3.fc43
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
CVE-2026-23968 Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
MiracleLinux 7 : bind-9.11.4-26.P2.10.0.1.el7.AXS7 (AXSA:2022-3876:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3876:04 advisory. bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177); bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178). Tenable has...
CVE-2021-47762
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...
PT-2026-3038
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...
CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability
Bitplatform Boilerplate is a Visual Studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...
CVE-2025-9081
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
Mattermost has Potential Server Crash due to Unvalidated Import Data
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior 10.8.x, 10.5.8 and prior 10.5.x, 9.11.17 and prior 9.11.x, and 10.9.2 and prior 10.9.x, which stems from an uncleaned path...
SUSE CVE-2025-1412
Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, which allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, which allows the converted user to escalate their privileges depending on the permissions granted to the bot...
Viwis LMS code injection vulnerability
Viwis LMS is a Learning Management System from Viwis Corporation, USA. A code injection vulnerability exists in Viwis LMS version 9.11, which stems from a cross-site scripting attack caused by manipulation of the filename parameter in the file upload component...
PT-2025-3696 · Viwis Lms · Viwis Lms
Name of the Vulnerable Software and Affected Versions: VIWIS LMS version 9.11. Description: A vulnerability has been found in the File Upload component of VIWIS LMS, affecting an unknown functionality. The manipulation of the filename argument leads to cross-site scripting. The attack can be...
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack...
PT-2022-22172 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 9 versions 9.11 through 9.14; Mendix Applications using Mendix 9 version 9.12 versions prior to 9.12.3. Description: An expression injection vulnerability was discovered in the Workflow subsystem of Mendix...
AZL-6326 CVE-2019-6470 affecting package bind for versions less than 9.16.15-3
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...