Advisory ROSA-SA-2026-3269
software: angie 1.11.5; AXIS: ROSA-CHROME; unaffected versions = angie-1.11.5-1; affected versions angie-1.11.5-1; CVE-ID: CVE-2026-42945; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: A heap buffer overflow vulnerability in the ngx_http_rewrite_module NGINX Plus and NGINX Open Source module allows an...
SUSE CVE-2026-40923
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string without XXE protection. With the LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
CVE-2026-28019
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion. This issue affects Manoir: from n/a through <= 1.11...
CVE-2026-28020
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion. This issue affects Chroma: from n/a through <= 1.11...
CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/userlist.php. This issue has been patched in version 1.11.30...
PT-2026-6736
Name of the Vulnerable Software and Affected Versions: html5 snmp version 1.11 Description: The software contains a persistent cross-site scripting issue. An attacker can inject malicious scripts through the Remark parameter in the add router operation.php file. By crafting a POST request with a...
CVE-2025-30948
Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor layouts-for-elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through <= 1.11...
CVE-2023-1572
A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...
CVE-2025-22907
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function...
WordPress plugin Custom Post Type Lockdown Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
EDIMAX RE11S Security Vulnerability
EDIMAX RE11S is a router from EDIMAX. EDIMAX RE11S v1.11 contains a command injection vulnerability via the command parameter of /goform/mp...
PT-2025-4739 · Re11S · Re11S
Name of the Vulnerable Software and Affected Versions: RE11S version 1.11 Description: A stack overflow issue was discovered in the setWAN function via the pptpUserName parameter. This issue can be exploited, potentially leading to unintended consequences. No information is available about the...
MiniCMS Cross-Site Request Forgery Vulnerability
MiniCMS is a mini content management system designed for personal websites by Dada bg5sbk, an individual developer. A cross-site request forgery vulnerability exists in MiniCMS version 1.11, which originates from an unknown function in the file page-edit.php that can lead to cross-site request...
CVE-2024-43147
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS. This issue affects Selection Lite: from n/a through 1.11...
ELECOM WRC-X6000XS-G, WRC-X1500GS-B and WRC-X1500GSA-B Security Vulnerability
ELECOM WRC-X6000XS-G and others are wireless routers from ELECOM Japan. A security vulnerability exists in the ELECOM WRC-X6000XS-G, WRC-X1500GS-B, WRC-X1500GSA-B v1.11 and earlier versions, which originates from viewing a malicious page while logged in to an affected product with administrative...
Chamilo LMS SQL Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS versions v.1.11 through...
CVE-2023-31222
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or...
GHSA-P6M6-9J36-VFJX glazedlists XML Deserialization vulnerability
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode parameter...
SUSE CVE-2013-1844
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...