Lucene search

33 matches found

CNNVD
added 2026/03/10 12:00 a.m. · 2 views

PX4 Drone Autopilot Security Vulnerability

PX4 Drone Autopilot is an open-source version of the PX4 drone autopilot system. There are security vulnerabilities in versions 1.12.x to 1.15.x of PX4 Drone Autopilot, which stem from a faulty logic protection mechanism for the power-recovery interval. These vulnerabilities could potentially lea...

CVSS 8.1 · AI score 5.8 · EPSS 0.00051
Exploits: 1 · References: 2
CVE
added 2026/03/10 12:00 a.m. · 3 views

CVE-2026-26742

The CVE affects PX4 Autopilot versions 1.12.x–1.15.x, where the Re-arm Grace Period protection logic can incorrectly apply in-air re-arm behavior to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds after an automatic landing (default config), pre-flight safety che...

CVSS 8.1 · AI score 5.8 · EPSS 0.00051
Exploits: 1 · References: 1 · Affected Software: 1
vulnersOsv
added 2025/09/03 5:42 p.m. · 2 views

agentengine (>=0.1.5 <=0.1.8), deepmost (=0.5.2) +11 more potentially affected by CVE-2025-9959 via smolagents (>=1.12.0 <=1.19.0)

smolagents PYPI version =1.12.0, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7 Source cves: CVE-2025-9959 Source advisory: SNYK:PYTHON-SMOLAGENTS-12549208...

CVSS 7.6 · AI score 6.5 · EPSS 0.00084
Exploits: 0
NVD
added 2025/08/30 2:15 a.m. · 1 view

CVE-2025-9618

The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...

CVSS 4.3 · EPSS 0.00026
Exploits: 0 · References: 2
OSV
added 2025/08/29 9:40 p.m. · 1 view

CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...

CVSS 1.9 · AI score 6.7 · EPSS 0.00044
Exploits: 0 · References: 5
CNNVD
added 2025/03/09 12:00 a.m. · 2 views

OpenXE Code Injection Vulnerability

OpenXE is a free open source ERP based on Xentral by OpenXE Open Source. A code injection vulnerability exists in OpenXE 1.12 and earlier versions, which stems from the fact that incorrect manipulation of the parameter Notizen can lead to cross-site scripting...

CVSS 5.4 · AI score 4.7 · EPSS 0.00132
Exploits: 1 · References: 6
CNNVD
added 2025/01/29 12:00 a.m. · 2 views

Teedy Security Vulnerability

Teedy is an open source, lightweight document management system for individuals and businesses open-sourced by Teedy France. A security vulnerability exists in Teedy versions 1.9 through 1.12, which stems from improper cleanup of user input and allows an unauthenticated attacker to perform variou...

CVSS 9.8 · AI score 6.9 · EPSS 0.00129
Exploits: 1 · References: 1
CNNVD
added 2025/01/22 12:00 a.m. · 2 views

WordPress plugin LH Email Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 · AI score 7.7 · EPSS 0.00232
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-0804

Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response...

CVSS 10 · AI score 8.2 · EPSS 0.05699
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:20 a.m. · 1 view

SUSE CVE-2015-2694

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name,...

CVSS 5.8 · AI score 7.1 · EPSS 0.0089
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:03 a.m. · 1 view

SUSE CVE-2016-4081

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...

CVSS 5.9 · AI score 5.9 · EPSS 0.00366
Exploits: 0 · References: 3
CNNVD
added 2023/01/30 12:00 a.m. · 3 views

WordPress plugin CPT Bootstrap Carousel Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00252
Exploits: 2 · References: 2
CNNVD
added 2022/12/21 12:00 a.m. · 2 views

Collective Cross-Site Scripting Vulnerability

Collective is an open source Plone plugin shared code base by Collective. A security vulnerability exists in Collective collective.contact.widget 1.12 and earlier versions, which stems from a title function in its src/collective/contact/widget/widgets.py file that allows attackers to implement...

CVSS 6.1 · AI score 5.7 · EPSS 0.00213
Exploits: 0 · References: 3
vulnersOsv
added 2022/05/17 7:57 p.m. · 1 view

br.com.digisan:digisan-java (>=1.0.7 <=1.0.10), com.adaptrex:adaptrex-complete (>=0.9.1 <=0.9.10) +810 more potentially affected by CVE-2014-3643 via com.sun.jersey:jersey-core (>=0.9-ea <=1.12-b01)

com.sun.jersey:jersey-core MAVEN version =0.9-ea, =1.0.7, =0.9.1, =0.1.1, =0.9.1, =v0.27.12, =2.0.4, =1.0.2, =1.0.2, =1.0.1-3, =2.0, =2.0, =1.1.0.1, =1.1.0.1, =4.2.0, =4.2.0, =5.4.3 and more Source cves: CVE-2014-3643 Source advisory: OSV:GHSA-5M48-VR54-VMH3...

CVSS 7.5 · AI score 7.1 · EPSS 0.00258
Exploits: 0
CNNVD
added 2021/03/15 12:00 a.m. · 2 views

Gitea Cross-Site Scripting Vulnerability

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea 1.12.x and 1.13.x before 1.13.4 that allows XSS via issue-specific data under certain circumstances...

CVSS 5.4 · AI score 6.3 · EPSS 0.11835
Exploits: 2 · References: 4
OSV
added 2020/10/15 3:15 p.m. · 0 views

UBUNTU-CVE-2020-6106

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 5.5 · AI score 5.7 · EPSS 0.00292
Exploits: 1 · References: 3
Positive Technologies
added 2020/08/27 12:00 a.m. · 1 view

PT-2020-6547 · Unknown +1 · F2Fs-Tools +1

Name of the Vulnerable Software and Affected Versions: F2fs-Tools F2fs.Fsck versions 1.12 through 1.13 Description: An information disclosure issue exists in the init node manager functionality. A specially crafted filesystem can be used to disclose information. An attacker can provide a maliciou...

CVSS 8.2 · AI score 5.2 · EPSS 0.0116
Exploits: 6 · References: 30
OSV
added 2020/06/11 2:15 p.m. · 0 views

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 4
CNVD
added 2019/08/12 12:00 a.m. · 1 view

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions 1.12.x before 1.12.8 and 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can...

CVSS 6.1 · AI score 6.4 · EPSS 0.00201
Exploits: 0 · References: 1
Positive Technologies
added 2019/08/08 12:00 a.m. · 2 views

PT-2019-13823 · Backdrop · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.12.x through 1.12.7 Backdrop CMS versions 1.13.x through 1.13.2 Description: The issue allows the upload of entire-site configuration archives through the user interface or command line, without sufficiently checking...

CVSS 9.8 · AI score 7.4 · EPSS 0.00975
Exploits: 0 · References: 5