32 matches found
UBUNTU-CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
EUVD-2026-36546
Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
EUVD-2026-17504
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value...
EUVD-2026-17500
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...
CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2023-4889
The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
GHSA-6859-2QXQ-FFV2 pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
pgAdmin 安全漏洞
pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.7 and prior versions that stems from an improper cross-origin open policy, which could lead to unauthorized account access and...
WordPress plugin WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
CVE-2024-6499
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
PT-2024-38313 · WordPress · Acymailing
Name of the Vulnerable Software and Affected Versions: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress versions up to, and including, 9.7.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the acym...
CVE-2022-43508
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file...
CVE-2022-42459
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...
Veritas Desktop and Laptop Option 跨站脚本漏洞
Veritas Desktop and Laptop Option is a software from Veritas, USA that provides data backup and endpoint protection features for Windows and Mac desktops and laptops. The software supports network-less protection, instant backup, customized failover, self-service restore, and other protection...
PT-2022-19562 · WordPress · Image Hover Effects Ultimate
Name of the Vulnerable Software and Affected Versions: Image Hover Effects Ultimate plugin for WordPress versions up to, and including, 9.7.3 Description: The issue arises from insufficient input sanitization and output escaping in the Video Link values that can be added to an Image Hover. This...
WordPress plugin Image Hover Effects Ultimate跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Image Hover Effects Ultimate plugin 9.7.1 and earlier versions are vulnerable to a cross-site...
CVE-2022-25786
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from improper handling of permissions in Secomea GateManager's Web UI, and could be exploited to allow logged-in users to...