10 matches found
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x through 2.2.17 via crafted data array to the data function in BuildHelper.php...
EUVD-2022-55939
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
Openfiler Security Vulnerability
Openfiler provides an easy way to deploy and manage network storage. A security vulnerability exists in Openfiler version 2.x, which stems from the device parameter being passed directly to the exec function without validation, which could lead to remote code execution and elevation of privile...
Illumina Universal Copy Service Security Vulnerability
Illumina Universal Copy Service is a universal copy service from Illumina, Inc. A security vulnerability exists in Illumina Universal Copy Service version 2.x. An unauthenticated attacker could use UCS to listen to all IP addresses, including those capable of remote communication. An...
Glewlwyd SSO server Security Vulnerability
Glewlwyd SSO server is a single sign-on (SSO) server with multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...
Espressif ESP-IDF Buffer Error Vulnerability
Espressif ESP-IDF is an IoT development framework from China's Lexin Information Technology Espressif. A buffer error vulnerability exists in Espressif ESP-IDF, which can be exploited by attackers to crash an application. The following products and versions are affected: Espressif ESP-IDF 2.x,...
FasterXML jackson-databind information disclosure vulnerability (CNVD-2019-37148)
FasterXML Jackson is a Java data processing tool from the U.S. company FasterXML. jackson-databind is one of its components, providing data binding capabilities. A security vulnerability exists in version 2.x of FasterXML jackson-databind prior to 2.9.9.2. An attacker could exploit this vulnerability to...
Yii Arbitrary LUA Code Execution Vulnerability
Yii is a component-based, high-performance PHP framework developed by the Yii team for developing large-scale Web applications. A security vulnerability exists in version 2.x of Yii before 2.0.15. A remote attacker can exploit this vulnerability to execute arbitrary LUA code...
Horde_Image Remote Code Execution Vulnerability
HordeImage is an image editing package from Horde USA, which can provide color highlighting, image effect editing and other functions. A remote code execution vulnerability exists in version 2.x of HordeImage prior to 2.5.0. A remote attacker could exploit this vulnerability by sending a speciall...
Horde_Image Denial of Service Vulnerability
HordeImage is an image editing package from Horde USA, which can provide color highlighting, image effect editing and other functions. A denial of service vulnerability exists in version 2.x of HordeImage prior to 2.5.0. An attacker can exploit this vulnerability to cause a denial of service with...