17 matches found
CVE-2026-45287
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leak one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...
CVE-2026-7400
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...
CVE-2022-4986
This CVE pertains to Hirschmann EagleSDV, where a denial-of-service vulnerability can cause the device to crash during session establishment when TLS 1.0 or TLS 1.1 is used. The condition is triggered by initiating TLS connections with these protocol versions, affecting availability. The provided...
CVE-2025-14114
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680624)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680624 advisory. The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL...
WordPress Bee Layer Slider plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Bee Layer Slider versions <= 1.1...
CVE-2023-51316
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...
AWS ALB Route Directive Adapter For Istio Security Vulnerability
AWS ALB Route Directive Adapter For Istio is an open-source AWS ALB route directive adapter for Istio from Amazon Web Services. A security vulnerability exists in AWS ALB Route Directive Adapter For Istio v1.0 and v1.1 that stems from the use of a JWT for authentication that lacks proper signer and...
PT-2024-25166 · Unknown · Ferozo Webmail
Name of the Vulnerable Software and Affected Versions: Ferozo Email version 1.1 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. This enables the attacker to perform actions on the affected system...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...
Zhongtian Network Technology OFCMS Cross-Site Scripting Vulnerability
Zhongtian Network Technology OFCMS is a content management system (CMS) developed in the Java language by China Zhongtian Network Technology Company. A security vulnerability exists in OFCMS v1.1.4, which allows attackers to execute arbitrary web script or HTML by injecting an attack payload into a...
Core: information disclosure due to authentication information exposed in a redirect
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...
CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A cross-site request forgery vulnerability exists in Microsoft ASP.NET Core...
Wordpress esb-csv-import-export plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. The esb-csv-import-export plugin is one of its plug-ins, used for importing and exporting CSV files. A...
D-Link DIR-850L REV.A and REV.B Denial of Service Vulnerabilities
The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability exists in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions, and firmware FW208WWb02 and prior versions. A remote attacker could exploit th...
NTT Photopt App Man-in-the-Middle Attack Vulnerability
NTT Photopt App is a suite of applications for managing photos from the NTT (Nippon Telegraph and Telephone Corporation) group in Japan. A security vulnerability exists in NTT Photopt App versions 1.0.0 and 1.1.0, which can be exploited by attackers to conduct man-in-the-middle attacks and listen to...