12 matches found
EUVD-2026-27653
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
GHSA-JWQ7-6J4R-2F92 Prebid.js NPM package briefly compromised
Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches 10.10.0 is solved References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...
CVE-2025-59038
Prebid.js (npm package) CVE-2025-59038 concerns the 10.9.2 release being briefly compromised by malware that redirected cryptocurrency transactions to the attacker’s wallet. The issue is addressed in version 10.10.0; a workaround is downgrading to 10.9.1. This CVE is tied to the Prebid.js npm pac...
Mattermost has Potential Server Crash due to Unvalidated Import Data
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...
PT-2025-34258 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.10.x through 10.10.0 Mattermost versions 10.9.x through 10.9.3 Description: The application fails to sanitize file names, potentially...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior 10.8.x, 10.5.8 and prior 10.5.x, 9.11.17 and prior 9.11.x, and 10.9.2 and prior 10.9.x, which stems from an uncleaned path...
Linux Distros Unpatched Vulnerability : CVE-2022-27446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.h. CVE-2022-27446 Note that Nessus relies on the...
PT-2024-16701 · Nec · Univerge Ix +1
Name of the Vulnerable Software and Affected Versions: NEC Corporation UNIVERGE IX versions Ver9.2 through Ver10.10.21 NEC Corporation UNIVERGE IX versions Ver10.8 through Ver10.8.27 NEC Corporation UNIVERGE IX versions Ver10.9 through Ver10.9.14 NEC Corporation UNIVERGE IX-R/IX-V version Ver1.2....
WordPress plugin Salon booking system 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
...
MariaDB 安全漏洞
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A denial of service vulnerability exists in MariaDB Server v10.9 and earlier versions, which stems from the sql/itemcmpfunc.h component containing ...