15 matches found

NVD
added 2026/05/27 3:16 p.m., 10 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 8.8, EPSS 0.00041
Exploits: 1, References: 1

NVD
added 2026/05/25 9:16 p.m., 11 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

CVSS 5.4, EPSS 0.00086
Exploits: 0, References: 2

Cvelist
added 2026/05/08 1:38 p.m., 29 views

CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

CVSS 7.5, EPSS 0.00016
Exploits: 1, References: 1

Vulnrichment
added 2025/12/18 8:47 p.m., 3 views

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribut...

CVSS 6.3, AI score 6.4, EPSS 0.00029
Exploits: 1, References: 6

RedhatCVE
added 2025/05/23 1:58 a.m., 4 views

CVE-2023-47516

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0...

CVSS 7.1, AI score 7, EPSS 0.00064
Exploits: 0, References: 1

Positive Technologies
added 2024/12/06 12:0 a.m., 1 views

PT-2024-36063

Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo upload.php file, specifically within the decode key function. This function...

CVSS 9.8, AI score 6.5, EPSS 0.00254
Exploits: 1, References: 8

OSV
added 2024/08/20 4:15 a.m., 2 views

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

CVSS 4.8, AI score 5.9
Exploits: 0, References: 2

Patchstack
added 2024/08/20 12:32 a.m., 2 views

WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function vulnerability

WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection via getLogHistory Function vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...

CVSS 7.2, AI score 8.1, EPSS 0.00694
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/03/21 12:0 a.m., 2 views

Apache Commons Configuration Buffer Error Vulnerability

Apache Commons Configuration is a common configuration interface from the Apache Foundation (United States), mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

CVSS 5.4, AI score 8, EPSS 0.00997
Exploits: 0, References: 8

vulnersOsv
added 2022/10/19 7:0 p.m., 0 views

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...

CVSS 8.8, AI score 7.2, EPSS 0.00019
Exploits: 0

CNNVD
added 2022/06/15 12:0 a.m., 1 views

ABB Drive Composer Link Following Vulnerability

ABB Drive Composer is a 32-bit Windows application from ABB Switzerland. It is used to commission and maintain ABB Common Architecture drives. A security vulnerability exists in ABB Drive Composer that originates from a vulnerability that allows a low-privileged attacker to create and write files...

CVSS 7.8, AI score 7.3, EPSS 0.00137
Exploits: 0, References: 5

CNVD
added 2017/09/22 12:0 a.m., 2 views

Horde_Image Remote Code Execution Vulnerability

HordeImage is an image editing package from Horde USA, which can provide color highlighting, image effect editing and other functions. A remote code execution vulnerability exists in HordeImage versions 2.0.0 through 2.5.1. A remote attacker could exploit this vulnerability to execute code...

CVSS 8.1, AI score 8.4, EPSS 0.02803
Exploits: 1, References: 1

OSV
added 2017/05/11 1:29 a.m., 1 views

DEBIAN-CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

CVSS 9.8, AI score 7.5, EPSS 0.24381
Exploits: 6, References: 1

OSV
added 2010/09/14 9:0 p.m., 2 views

DEBIAN-CVE-2010-2799

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments...

CVSS 6.8, AI score 8.3, EPSS 0.01351
Exploits: 0, References: 1

Positive Technologies
added 2002/12/31 12:0 a.m., 2 views

PT-2002-2420 · Max Krasnyansky · Vtun

Name of the Vulnerable Software and Affected Versions: VTun versions 2.0 through 2.5 Description: The Electronic Code Book (ECB) mode in VTun uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks. This could allow remote attackers to gain sensitive...

CVSS 7.5, AI score 6.6, EPSS 0.00377
Exploits: 0, References: 7