PT-2026-45387
A vulnerability was discovered in Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliances by executing a script on the victim's machine. The risks include the theft of...
CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...
Onyxia security vulnerability
Onyxia is an open source web application from InseeFrLab designed to be the glue between multiple open source backend technologies. A security vulnerability exists in Onyxia version 4.8.0 and earlier, which stems from a credential leak that could lead to the exposure of sensitive information...
Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service
Summary: Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2023-52428. DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value, aka iteration cou...
WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Jobmonster. Type: Theme. Vulnerable versions: <= 4.8.0. Fixed in: 4.8.1. OWASP Top 10: A3 Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2025-57887. Patch priority: Low. CVSS severity: Low (6.5). Developer: (not listed). PSID: 409b4cb6ad34. Credits: Ananda Dhakal (Patchstack). Required privilege...
01os (=0.0.14), ai-sec (>=0.0.1 <=0.0.9) +250 more potentially affected by CVE-2025-48945 via pycares (>=1.0.0 <=4.8.0)
pycares PYPI version =1.0.0, =0.0.1, =0.7.1, =0.1.0, =0.1.3, =0.1.1, =0.1.0, =2.0.4, =0.1.0, =0.0.1a1, =0.1.3, =22.5.13, =26.1.0 and more Source cves: CVE-2025-48945 Source advisory: OSV:GHSA-5QPG-RH4J-QP35...
Apache Camel security vulnerability
Apache Camel is an open source integration framework based on Enterprise Integration Patterns (EIP) from the Apache Foundation in the United States. The framework provides an implementation of Enterprise Integration Patterns using plain Java objects (POJOs), and through the application program interface to...
RuoYi code issue vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. A code issue vulnerability exists in RuoYi 4.8.0 and earlier versions, which is caused by deserialization in the getBeanName function of the component Whitelist...
WordPress plugin Poll Maker security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-1160
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...
PT-2024-17103 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's button URL due to insufficient input sanitization and output escaping. This allo...
GU App permission and access control issue vulnerability
Extreme Goods Trading GU App is a shopping app from China's Extreme Goods Trading Company. A vulnerability exists in GU App versions 4.8.0 to 5.0.2 due to permission and access control issues, which can be exploited by a remote attacker to direct a user to visit an arbitrary website...
PT-2020-11989 · Tsk +1 · The Sleuth Kit +1
Name of the Vulnerable Software and Affected Versions: The Sleuth Kit (TSK) versions 4.8.0 and earlier. Description: A stack buffer overflow issue exists in the YAFFS file timestamp parsing logic within the yaffsfs_istat function in fs/yaffs.c. Recommendations: For versions 4.8.0 and earlier, at the...