
15 matches found

RedhatCVE
added yesterday · 4 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVSS 5.7 · AI score 5.4 · EPSS 0.00029
Exploits 0 · References 1
CNNVD
added 2025/12/18 12:00 a.m. · 1 views

WordPress plugin Harper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.1 · AI score 6.6 · EPSS 0.0011
Exploits 0 · References 1
OSV
added 2025/08/20 8:15 p.m. · 2 views

UBUNTU-CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

CVSS 9.8 · AI score 7.2 · EPSS 0.0002
Exploits 4 · References 6
CVE
added 2025/08/20 8:08 p.m. · 118 views

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

CVSS 9.8 · AI score 7.1 · EPSS 0.0002
Exploits 4 · References 4 · Affected Software 1
OSV
added 2025/05/28 8:15 a.m. · 1 views

CVE-2025-27522

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it. 1...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 3
Positive Technologies
added 2024/03/21 12:00 a.m. · 4 views

PT-2024-11758 · Unknown · Ajax Thumbnail Rebuild

Name of the Vulnerable Software and Affected Versions: AJAX Thumbnail Rebuild versions 1.13 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects the AJAX Thumbnail Rebuild software. Recommendations: For versions 1.13 and earlier, updat...

CVSS 4.3 · AI score 9.3 · EPSS 0.00259
Exploits 0 · References 2
CNNVD
added 2023/07/05 12:00 a.m. · 2 views

Pandoc input validation error vulnerability

Pandoc is a Haskell library for converting from one markup format to another, as well as command line tools that use the library. An input validation error vulnerability exists in Pandoc versions 1.13 through prior to 3.1.4, which stems from vulnerability to an arbitrary file write vulnerability...

CVSS 6.1 · AI score 6 · EPSS 0.00039
Exploits 1 · References 8
Positive Technologies
added 2023/07/04 12:00 a.m. · 2 views

PT-2023-9554

Name of the Vulnerable Software and Affected Versions Pandoc versions 1.13 through 3.1.4 Description Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media...

CVSS 6.3 · AI score 6.3 · EPSS 0.00049
Exploits 1 · References 47
CNNVD
added 2021/03/15 12:00 a.m. · 2 views

Gitea cross-site scripting vulnerability

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea 1.12.x and 1.13.x before 1.13.4 that allows XSS via issue-specific data under certain circumstances...

CVSS 5.4 · AI score 6.3 · EPSS 0.11835
Exploits 2 · References 4
OSV
added 2020/10/15 3:15 p.m. · 0 views

UBUNTU-CVE-2020-6106

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 5.5 · AI score 5.7 · EPSS 0.00292
Exploits 1 · References 3
OSV
added 2020/06/11 2:15 p.m. · 0 views

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 4
vulnersOsv
added 2020/03/10 6:03 p.m. · 2 views

@agrc/helpers (>=1.0.0 <=1.0.1), @dojo/interop (>=4.0.0 <=7.0.0) +3 more potentially affected by CVE-2020-5258 via dojo (>=1.13.0 <=1.13.6)

dojo NPM version =1.13.0, =1.0.0, =4.0.0, =0.1.10, =1.13.0, =1.13.0, =1.13.10 Source cves: CVE-2020-5258 Source advisory: OSV:GHSA-JXFH-8WGV-VFR2...

CVSS 7.7 · AI score 6.7 · EPSS 0.0154
Exploits 1
CNVD
added 2019/08/12 12:00 a.m. · 1 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions 1.12.x before 1.12.8 and 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can...

CVSS 6.1 · AI score 6.4 · EPSS 0.00201
Exploits 0 · References 1
Positive Technologies
added 2019/08/08 12:00 a.m. · 2 views

PT-2019-13823 · Backdrop · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.12.x through 1.12.7 Backdrop CMS versions 1.13.x through 1.13.2 Description: The issue allows the upload of entire-site configuration archives through the user interface or command line, without sufficiently checking...

CVSS 9.8 · AI score 7.4 · EPSS 0.00975
Exploits 0 · References 5
RedhatCVE
added 2018/04/11 5:19 a.m. · 34 views

CVE-2018-1274

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

CVSS 7.5 · AI score 4.7 · EPSS 0.00845
Exploits 0 · References 2