21 matches found
CVE-2026-28116
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by hongdo in WordPress Plugin Progress Planner versions <= 1.9.0...
CLEANSTART-2026-KO66630 Security fixes for CVE-2026-25679, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.9.0-r0, 1.9.0-r1
Multiple security vulnerabilities affect the karpenter package. These issues are resolved in later releases. See references for individual vulnerability details...
Gleam security vulnerability
Gleam is an open-source, type-safe, extensible system construction language developed by Gleam. There are security vulnerabilities in Gleam versions 1.9.0-rc1 and earlier, up to 1.16.0-rc1, due to improper path validation when handling git dependencies. These vulnerabilities could lead to arbitra...
CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
PT-2026-2313
Name of the Vulnerable Software and Affected Versions: Termix versions 1.7.0 through 1.9.0 Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component d...
Logrus security vulnerability
Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...
WordPress plugin SureMail code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-10190
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2017-5278
Malware in sbrugna...
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by domiee13 in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.9.0...
CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease...
CVE-2024-56471
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
PT-2025-5779 · Ibm · Ibm Aspera Shares
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting sit...
PT-2025-5778 · Ibm · Ibm Aspera Shares
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...
PT-2024-25230 · Karmada · Karmada
Name of the Vulnerable Software and Affected Versions: karmada versions 1.9.0 and earlier Description: The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This is related to token handling and can be exploited for local privilege escalatio...
PT-2023-25477 · Unknown · Skalenetwork Sgxwallet
Name of the Vulnerable Software and Affected Versions: skalenetwork sgxwallet versions 1.9.0 and below Description: The issue allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. Recommendations: For versions 1.9.0 and below, consider disabling the...
Open Networking Foundation ONOS cross-site scripting vulnerability
Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS versions v1.9.0 through v2.7.0, which stems from the presence of ...
PT-2017-6817 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions 1.1 through 1.9.0-RC1 Description: The issue allows remote attackers to obtain user credentials via a man-in-the-middle attack because HTTP requests are not redirected to HTTPS when the require ssl setting is set to true...