10 matches found
CVE-2025-9225
Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...
PT-2025-32353 · Mir · Mir
Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: MiR software versions prior to 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary command...
Carbon 安全漏洞
Carbon is a DateTime PHP extension to the Carbon open source. A security vulnerability exists in Carbon versions prior to 3.0.0 through 3.8.4 and prior to 2.72.6, which stems from an arbitrary file inclusion vulnerability when passing unfiltered user input to the Carbon::setLocale application,...
GHSA-HC74-9VJM-C9XV Apache Superset Open Redirect vulnerability
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...
HtmlUnit 安全漏洞
HtmlUnit is an open source java page analysis tool , read the page , you can effectively use HtmlUnit to analyze the content on the page . HtmlUnit version before 3.0.0 has a security vulnerability. Attackers use the vulnerability to remotely execute code...
global-modules-path 安全漏洞
global-modules-path is a utility that returns the path of a global installation package. A security vulnerability exists in global-modules-path versions prior to 3.0.0, which stems from a lack of cleaning of user input or a failure to sandbox the getPath function...
Hide Files on GitHub 跨站脚本漏洞
Hide Files on GitHub is a Chrome extension by Sindre Sorhus Personal Developer. Hide unimportant files in the GitHub file browser. A cross-site scripting vulnerability exists in Hide Files on GitHub versions prior to 3.0.0, which stems from an issue with the file extension/options.js function...
Intel SDP Tool 授权问题漏洞
Intel SDP Tool is a server debugging and configuration tool from Intel Corporation USA. A security vulnerability exists in Intel SDP Tool versions prior to 3.0.0, which stems from incorrect authentication and could allow unauthenticated users to potentially achieve information disclosure by...
Actix-http 环境问题漏洞
Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...
Input validation
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability...