38 matches found
CVE-2026-40201
The CVE-2026-40201 affects @diplodoc/search-extension from versions 1.0.0 through 3.x prior to 3.0.3, where a stored XSS is possible via the title in a .md file. The issue is caused by input not being properly sanitized before being rendered in titles, enabling an attacker-supplied payload to exe...
CVE-2025-48878
Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...
CVE-2025-48878
CVE-2025-48878 affects Combodo iTop (3.x) prior to 3.2.2. The vulnerability is an insecure direct object reference that allows a user (e.g., with a Service desk agent profile) to create a ModuleInstallation object when they should not be able to. The issue is resolved in 3.2.2. Impact details are...
EUVD-2020-3171
Malware in sbrugna...
EUVD-2016-3644
Malware in sbrugna...
PT-2024-10232 · Drupal · Drupal Oauth & Openid Connect Single Sign On – Sso
Name of the Vulnerable Software and Affected Versions: Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 3.0.0 through 3.43.0 Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 4.0.0 through 4.0.18 Description: The issue is related to imprope...
CVE-2023-1617
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...
CVE-2023-23592
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information...
Pilz PMC programming tool Authorization Issue Vulnerability
Pilz PMC programming tool is a PMC programming tool from Pilz. A security vulnerability exists in Pilz PMC programming tool versions 3.x through 3.5.17 and earlier, which originates from the fact that its user's password can be changed by an attacker without knowing the current password...
PT-2022-8323 · 3S Smart Software Solutions +1 · Codesys Development System +1
Name of the Vulnerable Software and Affected Versions: Pilz PMC programming tool versions 3.x through 3.5.16 Description: A security issue allows an attacker to change a user's password without knowing the current password. This is possible in the Pilz PMC programming tool, which is based on the...
Stiltsoft Handy Macros Cross-Site Scripting Vulnerability
Stiltsoft Handy Macros is a powerful set of macros from Stiltsoft Inc. It is used to create interactive Confluence content. A security vulnerability exists in Stiltsoft Handy Macros version 3.x through versions prior to 3.5.5. An attacker could exploit this vulnerability to inject arbitrary HTML ...
PT-2022-20959 · Unknown · Newsletter Module
Name of the Vulnerable Software and Affected Versions: Newsletter Module versions 3.x Description: The issue is related to a SQL injection vulnerability. It can be exploited via the zemez newsletter email parameter at the "/index.php" API endpoint. Recommendations: For Newsletter Module version...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager 3.x through 3.37.0. A remote attacker sending a specially...
PT-2022-4819
Name of the Vulnerable Software and Affected Versions Blender versions 2.93.8 through 3.x Description The issue is related to a missing bounds check in the image loader, leading to out-of-bounds heap access. This allows an attacker to cause denial of service, memory corruption, or potentially cod...
CVE-2021-38454
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...
Path traversal
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...
CVE-2021-38454 Moxa MXview Network Management Software
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...
PT-2021-4286 · Sogo +1 · Sogo +1
Name of the Vulnerable Software and Affected Versions: SOGo versions 2.0.5a through 2.4.1 SOGo versions 3.x through 5.x before 5.1.1 Description: The issue is related to the incorrect validation of cryptographic signatures in SAML assertions, which could allow a remote attacker to impersonate use...
CS2 Network P2P Information Disclosure Vulnerability
CS2 Network P2P is a P2P peer-to-peer networking platform. A security vulnerability exists in CS2 Network P2P 3.x and prior versions. An attacker can exploit this vulnerability to obtain user session data...