17 matches found
CVE-2026-2525
A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-67955
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through = 4.1.0...
EUVD-2025-30585
Malicious code in bioql PyPI...
CVE-2024-26481
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2023-51490
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...
CVE-2025-47509 WordPress Top 10 plugin <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Top 10 top-10 allows Stored XSS.This issue affects Top 10: from n/a through = 4.1.0...
CVE-2025-1747
CVE-2025-1747 describes HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. The issue allows an attacker to modify the HTML of a victim’s browser by sending a malicious URL and altering the parameter name in /account/login. Affected software: OpenCart (opencart/opencart package in...
Apache Superset 安全漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 4.1.0 that stems from improper authorization, which allows an attacker with SQLLab access to construct specially crafted SQL D...
PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5
Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...
Kirby security breach
Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby CMS version v4.1.0, which stems from a Reflected Cross-Site Scripting XSS vulnerability via URL parameters...
PT-2022-26771 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery SSRF in the...
Apache POI Information Disclosure Vulnerability
Apache POI is an open source JAVA library for reading and writing Microsoft document formats . An information disclosure vulnerability exists in Apache POI 4.1.0 and earlier versions. When converting a user-supplied Microsoft Excel document using the XSSFExportToXml tool, an attacker can exploit...
UBUNTU-CVE-2019-10191
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-05295)
WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. WUZHI CMS version 4.1.0 in the existence of cross-site scripting vulnerability, a remote attacker can / index.php?m=core&f=map&v=baidumap URL 'x' and 'y' parameters to exploit the The...
WUZHI CMS SQL Injection Vulnerability (CNVD-2019-03304)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in the coreframe/app/coupon/admin/copyfrom.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this vulnerabili...
GNU oSIP libosip2 Denial of Service Vulnerability (CNVD-2017-07201)
GNU oSIP is a library developed by the GNU Project to provide developers with an interface to multimedia and communications. libosip2 is a standard library for multithreading safety written in C. It is a library that is used in the GNU Project. A denial of service vulnerability exists in the...