15 matches found
CVE-2026-44083 QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
CVE-2026-45412 MaxKB: Unauthenticated SSRF via Workflow Template Import
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...
CVE-2026-45412
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...
PT-2026-43406
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check
Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...
CVE-2026-0677
Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection.This issue affects TotalContest Lite: from n/a through 2.9.1...
EUVD-2026-9870
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...
CVE-2026-27384
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through = 2.9.1...
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1...
Intel FPGA products 安全漏洞
Intel FPGA products is a family of software applications from Intel Corporation USA. A security vulnerability exists in Intel FPGA products prior to version 2.9.1 that stems from an incorrect input validation issue. A denial of service attack may be allowed...
eProsima Fast DDS Security Vulnerability
eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A security vulnerability exists in eProsima Fast DDS version 2.9.1, which stems from a data sub-message sent to a PDP port that raises an unhandled BadParamException in...
Suprema BioStar 2 License Issue Vulnerability
Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar version 2.0 through versions prior to 2.9.1 that stems from the presence of an authentication bypass vulnerability. It is permissible to allow an...
SUSE CVE-2022-35964
TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
UBUNTU-CVE-2021-43779
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of...
Unspecified Vulnerability in Softaculous Virtualizor WHMCS Module
softaculous is a tool that assists customers in quickly installing web programs. A security vulnerability in the WHMCS Reseller module in Softaculous Virtualizor prior to version 2.9.1.0 allows an attacker to take control of other virtual machines managed by Virtualizor by accessing a modified UR...