31 matches found
EUVD-2025-210220
Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...
Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board
CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...
CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that by default, only...
Nats-Server Security Vulnerability
Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server from 2.11.0 to 2.11.15, as well as in version 2.12.6. These vulnerabilities stemmed from the ability of...
authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
EUVD-2023-43079
Malicious code in bioql PyPI...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.12.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.12.2) +5 more potentially affected by CVE-2025-24854 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.12.2)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.12.2 Source cves: CVE-2025-24854 Source advisory: SNYK:JAVA-ORGAPACHEJSPWIKI-11357915...
Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to overwrite sensitive files via a specially crafted HTTP request...
PT-2025-7154 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in Q-Free MaxTime, specifically in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote...
Q-Free MAXTIME Suite Access Control Error Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/accounts/routes.lua. An...
CVE-2024-9413
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware...
VMware Spring Cloud Data Flow Security Vulnerability
VMware Spring Cloud Data Flow is a codebase for streaming and batch data processing in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow versions 2.11.0 through 2.11.3, which originates from a malicious user with privileged access to the server's API...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.12.0), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.12.0) +5 more potentially affected by CVE-2024-27136 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.12.1)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.12.1 Source cves: CVE-2024-27136 Source advisory: OSV:GHSA-36GF-VPJ2-J42W...
Containous Traefik Security Vulnerability
Containous Traefik is a reverse proxy and load balancer from Containous Corporation, USA. A security vulnerability exists in Containous Traefik that stems from a Denial of Service (DoS) vulnerability in the Content-length header. Affected products and versions: Traefik v2.11.0 and earlier, v3.0.0-r...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.4) +3 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.4)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.4 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27135 Source advisory: OSV:GHSA-XP2R-G8QQ-44HH...
ansible (>=6.0.0 <=6.7.0), ansible-doctor (>=3.1.2 <=3.1.3) +26 more potentially affected by CVE-2024-0690 via ansible-core (>=2.11.0 <=2.14.11)
ansible-core PYPI version =2.11.0, =6.0.0, =3.1.2, =1.1.2, =1.0.2, =6.0.0, =8.0.0, =1.0.0, =1.4.1, =0.0.1, =0.2.0, =0.1.0, =4.9.0.0, =6.7.0.4 and more Source cves: CVE-2024-0690 Source advisory: OSV:GHSA-H24R-M9QC-PVPG...
CVE-2023-41319
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
DEBIAN-CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressive_decompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...
Out-of-bounds
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY, tile->quantIdxCb, a...