11 matches found
org.apache.syncope.core.am:syncope-core-am-logic (=4.1.0), org.apache.syncope.core.am:syncope-core-am-rest-cxf (=4.1.0) +33 more potentially affected by CVE-2026-42782 via org.apache.syncope.core:syncope-core-spring (=4.1.0)
org.apache.syncope.core:syncope-core-spring MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.syncope.core:syncope-core-spring and may be impacted: - org.apache.syncope.core.am:syncope-core-am-logic =4.1.0 -...
CVE-2026-34828 listmonk: Active sessions remain valid after password reset and password change
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. Manipulation of the argument xajaxargs causes OS command injection. The attack can be carried out remotely. The exploit has...
CVE-2025-65561
An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...
EUVD-2025-175314
js-yaml has prototype pollution in merge...
WUZHI CMS security vulnerability
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL by Five Fingers WUZHI. A security vulnerability exists in WUZHI CMS version v4.1.0, which originates from cross-site scripting in the del function...
TOTOLINK CPE CP450 security vulnerability
TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A security vulnerability exists in the TOTOLINK CPE CP450...
PT-2023-7891 · Sap · Sap Btp Security Services Integration Library +1
Name of the Vulnerable Software and Affected Versions: SAP BTP Security Services Integration Library Python sap-xssec versions = 4.1.0 It is recommended to upgrade to the latest released version to ensure the issue is fully resolved. No workarounds are available for this issue...
GL.iNet MT3000 operating system command injection vulnerability
The GL.iNet MT3000 is an AX3000 portable router using the Wi-Fi 6 protocol from China's GL.iNet. An operating system command injection vulnerability exists in the GL.iNet MT3000 version 4.1.0, which stems from the presence of operating system command injection...
kkFileView cross-site scripting vulnerability
Keking kkFileView is a Spring Boot project for online previewing of documents by Keking Technology (Keking). A cross-site scripting vulnerability exists in kkFileView v4.1.0, which originates from multiple cross-site scripting issues in the urls and currentUrl parameters of the...
PT-2019-7062 · WordPress · Wp-Live-Chat-Support
Name of the Vulnerable Software and Affected Versions: wp-live-chat-support plugin versions prior to 4.1.0 Description: The issue concerns JavaScript injections in the wp-live-chat-support plugin for WordPress. Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to...