16 matches found
SiYuan Security Vulnerability
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan 3.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /api/av/removeUnusedAttributeView endpoint, which used a user-controlled id parameter to construct fil...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
wgcloud Security Vulnerability
WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...
CVE-2025-66529
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery. This issue affects Chartify: from n/a through <= 3.6.3...
CVE-2025-66490 Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, \, Null,...
PT-2025-48608
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...
EUVD-2025-15479
Malicious code in bioql PyPI...
CVE-2025-32584
Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through <= 4.0...
WordPress Raptive Ads plugin <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset vulnerability
Missing Authorization to Unauthenticated Data/Settings Reset vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Raptive Ads versions <= 3.6.3...
Symphony Communication ServicesHp Symphony Security Vulnerability
Symphony Communication ServicesHp Symphony is a solution from Symphony Communication ServicesHp, Inc. for connecting and liquefying financial transaction workflows. A security vulnerability exists in Symphony Communication ServicesHp Symphony v.3.6.3 and earlier versions, which originates from a...
com.github.camel-labs:camel-pubnub (=0.1.0), io.relayr:android-sdk (>=0.0.1 <=0.0.7) +3 more potentially affected by CVE-2023-26154 via com.pubnub:pubnub (>=3.6.3 <=3.7.4)
com.pubnub:pubnub MAVEN version =3.6.3, =0.0.1, =0.1.1, =0.1.1, =0.1.1, =0.1.4 Source cves: CVE-2023-26154 Source advisory: OSV:GHSA-5844-Q3FC-56RH...
SUSE CVE-2019-3836
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...
Teleport Security Vulnerability
Teleport is an identity-aware, multi-protocol access agent from Teleport, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. A security vulnerability exists in Teleport versions v3.2.2,...
GHSA-QRCJ-6FJW-3H9H Moodle XSS Vulnerability
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability such as administrators/managers can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped whe...
ALPINE-CVE-2019-3836
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...
PT-2017-4242 · Python +2
Name of the Vulnerable Software and Affected Versions: Python versions through 3.6.3 Description: The issue is related to insufficient neutralization of special elements in a request, which may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of...