VMware Spring Cloud Config Path Traversal Vulnerability
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...
PT-2026-34594
Name of the Vulnerable Software and Affected Versions: Luanti versions 5.0.0 through 5.15.1 Description: A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...
PT-2026-7138
Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...
CVE-2026-22888
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
3m (>=0.1.1 <=0.1.3), 4dpocket (>=0.1.3 <=0.1.4) +8077 more potentially affected by CVE-2025-14929 via transformers (>=5.0.0 <=5.8.0)
transformers PYPI version =5.0.0, =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =2.3.15.994, =3.4.6 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 -...
3m (>=0.1.1 <=0.1.3), 4dpocket (>=0.1.3 <=0.1.4) +8077 more potentially affected by CVE-2025-14926 via transformers (>=5.0.0 <=5.8.0)
transformers PYPI version =5.0.0, =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =2.3.15.994, =3.4.6 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 -...
CVE-2025-67719 Ibexa User Bundle is missing password change validation
Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...
CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup
Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...
CVE-2025-54473
CVE-2025-54473 is an authenticated remote code execution flaw in Phoca Commander for Joomla, affecting versions 1.0.0–4.0.0 and 5.0.0–5.0.1. The issue arises from the unzip feature, enabling code execution after authentication. The CVSSv4 base score is 9.2 (CRITICAL) with high impact to confident...
Joomla! Code Issue Vulnerability
Joomla! is a free, open-source content management system from Joomla! A code issue vulnerability exists in Joomla! versions 1.0.0-4.0.0 and 5.0.0-5.0.1, which stems from a flaw in the decompression feature that could lead to remote code execution...
Compojoom CComment Component Cross-Site Scripting Vulnerability
Compojoom CComment component is a plugin from Compojoom, Inc. A cross-site scripting vulnerability exists in Compojoom CComment component versions 5.0.0-6.1.14, which stems from a stored cross-site scripting vulnerability...
@andesite-lab/andesite-core (=1.60.2), @bechara/crux (>=6.0.0 <=6.6.2) +137 more potentially affected by CVE-2025-32442 via fastify (>=5.0.0 <=5.3.1)
fastify NPM version =5.0.0, =6.0.0, =0.2.305, =1.0.6, =1.0.11, =1.9.4, =2.0.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.8.3 - @citrineos/ocpi-base =2.0.1 - @citrineos/ocpi-cdrs =2.0.1 and more Source cves: CVE-2025-32442 Source advisory: OSV:GHSA-MG2H-6X62-WPWC...
PT-2024-31662 · Unknown · Fieldserver Gateway
Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2 Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...
ace-step (=0.1.0), agentic-reliability-framework (>=2.0.0 <=2.0.2) +221 more potentially affected by CVE-2024-51751 via gradio (>=5.0.0 <=5.50.0)
gradio PYPI version =5.0.0, =2.0.0, =0.3.2, =0.1.1, =0.6.0, =0.1.4, =0.0.1, =0.0.1, =0.2.0, =0.1.1, =1.0.1, =1.3.1 and more Source cves: CVE-2024-51751 Source advisory: OSV:PYSEC-2024-275...
PT-2023-28779 · Zpe Systems · Nodegrid Os
Name of the Vulnerable Software and Affected Versions: ZPE Systems, Inc Nodegrid OS versions 5.0.0 through 5.0.17; ZPE Systems, Inc Nodegrid OS versions 5.2.0 through 5.2.19; ZPE Systems, Inc Nodegrid OS versions 5.4.0 through 5.4.16; ZPE Systems, Inc Nodegrid OS versions 5.6.0 through 5.6.13; ZPE...
SUSE CVE-2017-5246
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly braces. This expression will be evaluated by any other authenticated user who views the...
Parse Server Security Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.15, 5.0.0 through 5.2.6. An attacker can use this vulnerability to assign a session object to his or her own user by writi...
Vaadin flow Security Vulnerability
Vaadin flow is a software application, a Java framework for the Vaadin platform, for building modern websites that look good, perform well, and keep you and your users happy. A security vulnerability exists in Vaadin flow that allows an attacker to guess a security token via a timing attack. The...
ch.rasc:wamp2spring-security (=1.0.0), cn.springcloud.gray:spring-cloud-gray-server (>=B.0.0.1 <=B.0.0.6) +209 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.2, =B.0.0.1, =2.21.8, =0.3.0, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
Intercom MaLion for Windows and Mac Authentication Bypass Vulnerability
Intercom MaLion for Windows and MaLion for Mac are both products of Intercom Japan. Intercom MaLion for Windows is an IT asset management solution based on the Windows platform. MaLion for Mac is a version based on the Mac platform. A security vulnerability exists in Intercom MaLion versions 5.0....