11 matches found
BoidCMS 安全漏洞
BoidCMS is an open-source, free CMS for flat files. It’s used to build simple websites and blogs. It’s developed using PHP and JSON as the database. Versions of BoidCMS prior to 2.1.3 had security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of tpl parameters, which...
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
JimuReport 安全漏洞
JimuReport is a free reporting tool open-sourced by JEECG in China. A security vulnerability exists in JimuReport 2.1.3 and prior versions, which stems from unauthenticated handling of user-controlled H2 JDBC URLs and could lead to remote code execution...
tar-fs 安全漏洞
tar-fs is a tar-stream filesystem bundle from the individual developer Mathias Buus. A security vulnerability exists in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5, which stems from the possibility of bypassing symbolic link validation when the destination directory is predictable...
TrustedFirmware-M 安全漏洞
TrustedFirmware-M is a firmware system for microcontrollers open-sourced by TrustedFirmware UK. A security vulnerability exists in TrustedFirmware-M versions prior to 2.1.3 and prior to 2.2.1, which stems from insufficient length validation during a firmware upgrade, and may result in a buffer...
CVE-2025-3900
CVE-2025-3900 affects Drupal Colorbox module before 2.1.3. Affected component: Colorbox (drupal/Colorbox module). Root cause: improper neutralization/insufficient sanitization of input data attributes that can lead to Cross‑Site Scripting (XSS) when rendering web pages. Impact: XSS could be trigg...
Google Tink 安全漏洞
Google Tink is a multi-language, cross-platform development library providing cryptographic APIs from Google, Inc. A security vulnerability exists in Google Tink versions prior to 2.1.3, which stems from a crypto tink JsonKeysetReader may crash due to invalid input...
AZL-31746 CVE-2023-46316 affecting package traceroute for versions less than 2.1.3-1
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...
PT-2023-22638 · Softexpert · Softexpert Excellence Suite
Name of the Vulnerable Software and Affected Versions: SoftExpert SE Excellence Suite versions prior to 2.1.3 Description: The issue concerns Local File Inclusion in the function /se/v42300/generic/gn defaultframe/2.0/defaultframe filter.php. Recommendations: For versions prior to 2.1.3, update t...
css-what 资源管理错误漏洞
css-what is a CSS selector parser. A resource management error vulnerability exists in versions of css-what prior to 2.1.3, which stems from the use of an unsafe regular expression in the reattr variable of index.js...
dom4j code problem vulnerability
dom4j is an open source framework for processing XML . A code issue vulnerability exists in dom4j versions prior to 2.1.3. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided ...