27 matches found
EUVD-2026-20229
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13...
CVE-2026-39588
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
Invoice Ninja security vulnerability
Invoice Ninja is an open-source application developed by Invoice Ninja, providing features for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a security vulnerability. This vulnerability stems from the project description field bypassing the XSS rejection...
Invoice Ninja cross-site scripting vulnerability
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...
MAL-2026-1054 Malicious code in iosysredis (npm)
The package iosysredis was found to contain malicious code. Sources: amazon-inspector, ghsa-malware.
EUVD-2025-34773
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
Creativeitem Academy LMS security vulnerability
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from the use of predictable Base64 encoded password reset tokens without rate limiting, which could lead...
EUVD-2025-34223
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...
Creativeitem Academy LMS security vulnerability
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...
CVE-2025-58084
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...
PT-2025-41801
Name of the Vulnerable Software and Affected Versions: Mattermost Desktop App versions through 5.13.0. Description: The Mattermost Desktop App does not properly validate URLs originating from outside the configured Mattermost servers. This allows a malicious server to cause the application to crash ...
CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...
ChurchCRM security vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 that stems from a reflected cross-site scripting weakness, which allows session credentials to be stolen...
SUSE CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-55063 CVE-2025-21614 affecting package packer for versions less than 1.9.5-5
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...
UBUNTU-CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
PT-2024-11231 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc3+ 360 Description: The vulnerability is related to the egress tunnel code in the Linux kernel's bridge module. The code uses dst clone and directly sets the result, which can cause problems if the entr...