Lucene search
K

11 matches found

CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

BoidCMS 安全漏洞

BoidCMS is an open-source, free CMS for flat files. It’s used to build simple websites and blogs. It’s developed using PHP and JSON as the database. Versions of BoidCMS prior to 2.1.3 had security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of tpl parameters, which...

7.2CVSS6.2AI score0.00731EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/03/25 3:20 p.m.5 views

CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

5.8AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

JimuReport 安全漏洞

JimuReport is a free reporting tool open-sourced by JEECG in China. A security vulnerability exists in JimuReport 2.1.3 and prior versions, which stems from unauthenticated handling of user-controlled H2 JDBC URLs and could lead to remote code execution...

9.8CVSS7.2AI score0.00944EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.5 views

tar-fs 安全漏洞

tar-fs is a tar-stream filesystem bundle from the individual developer Mathias Buus. A security vulnerability exists in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5, which stems from the possibility of bypassing symbolic link validation when the destination directory is predictable...

8.7CVSS7.5AI score0.00516EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.5 views

TrustedFirmware-M 安全漏洞

TrustedFirmware-M is a firmware system for microcontrollers open-sourced by TrustedFirmware UK. A security vulnerability exists in TrustedFirmware-M versions prior to 2.1.3 and prior to 2.2.1, which stems from insufficient length validation during a firmware upgrade, and may result in a buffer...

8.6CVSS6.7AI score0.0043EPSS
Exploits0References4
CVE
CVE
added 2025/04/23 5:7 p.m.57 views

CVE-2025-3900

CVE-2025-3900 affects Drupal Colorbox module before 2.1.3. Affected component: Colorbox (drupal/Colorbox module). Root cause: improper neutralization/insufficient sanitization of input data attributes that can lead to Cross‑Site Scripting (XSS) when rendering web pages. Impact: XSS could be trigg...

6.1CVSS6.2AI score0.00214EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.3 views

Google Tink 安全漏洞

Google Tink is a multi-language, cross-platform development library providing cryptographic APIs from Google, Inc. A security vulnerability exists in Google Tink versions prior to 2.1.3, which stems from a crypto tink JsonKeysetReader may crash due to invalid input...

7.5CVSS6.6AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2023/10/25 6:17 p.m.10 views

AZL-31746 CVE-2023-46316 affecting package traceroute for versions less than 2.1.3-1

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

5.5CVSS6.9AI score0.00367EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/12 12:0 a.m.3 views

PT-2023-22638 · Softexpert · Softexpert Excellence Suite

Name of the Vulnerable Software and Affected Versions: SoftExpert SE Excellence Suite versions prior to 2.1.3 Description: The issue concerns Local File Inclusion in the function /se/v42300/generic/gn defaultframe/2.0/defaultframe filter.php. Recommendations: For versions prior to 2.1.3, update t...

9.8CVSS6.9AI score0.05877EPSS
Exploits5References4
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.5 views

css-what 资源管理错误漏洞

css-what is a CSS selector parser. A resource management error vulnerability exists in versions of css-what prior to 2.1.3, which stems from the use of an unsafe regular expression in the reattr variable of index.js...

7.5CVSS7.2AI score0.01421EPSS
Exploits1References7
CNVD
CNVD
added 2020/04/28 12:0 a.m.2 views

dom4j code problem vulnerability

dom4j is an open source framework for processing XML . A code issue vulnerability exists in dom4j versions prior to 2.1.3. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided ...

9.8CVSS8.7AI score0.07269EPSS
Exploits0References1
Rows per page
Query Builder