18 matches found
CVE-2026-48166
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...
PT-2026-51387
Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...
CVE-2026-29191
Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.
EUVD-2026-8794
ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API...
EUVD-2026-8789
ZITADEL's truncated opaque tokens are still valid...
ZITADEL 安全漏洞
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...
@beardeddudes/strapi-types (=0.1.0), @mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3) +17 more potentially affected by CVE-2023-36472 via @strapi/admin (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.11.6)
@strapi/admin NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =1.0.0-alpha.0, =0.0.0-experimental.0a47d9bbb261b49ab02af2597ede27b7bdb196f4, =0.0.0-00c0da0e5db43d5de823f6193c9a3fa0dd11a364, =0.0.0-02d487e4eec68a5961817a4f580ffead9a9362f0,...
silverstripe framework 跨站脚本漏洞
silverstripe framework is a CMS website framework. A security vulnerability exists in silverstripe framework version 4.11 and earlier versions. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
silverstripe framework 跨站脚本漏洞
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.11 and earlier, which originates from allowing XSS to exist via the href attribute of a link...
silverstripe framework 跨站脚本漏洞
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.11.0 and earlier, which stems from allowing XSS...
SilverStripe 跨站脚本漏洞
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A cross-site scripting vulnerability exists in SilverStripe 4.11 and earlier versions...
PT-2022-23994 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows for an XSS vulnerability via the href attribute of a link. A malicious content author could add a JavaScript payload to the href attribute. This is simila...
PT-2022-24239 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows for XSS attacks. A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitima...
Octech Oempro Cross-Site Scripting Vulnerability (CNVD-2020-25974)
Octech Oempro is a suite of email marketing software from Octech USA. A cross-site scripting vulnerability exists in the 'CampaignName' parameter of the Campaign.Create command in Octech Oempro versions 4.7 through 4.11. The vulnerability stems from a lack of proper validation of client-side data...
ALPINE-CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...
Progress Sitefinity CMS Arbitrary File Upload Vulnerability
Progress Sitefinity CMS is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity CMS versions 4.0 through 11.0. The vulnerability can be exploited by an attacker to conduct a phishing attack using a malicious file...
Xen Denial of Service Vulnerability (CNVD-2020-23021)
Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...
PT-2017-2222 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the dccp v6 request recv sock function in the net/dccp/ipv6.c file of the Linux kernel, which mishandles inheritance. This allows local users to cause a denial of...