19 matches found
@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bimbeo160/admin (=4.12.2) +70 more potentially affected by CVE-2026-22599 via @strapi/plugin-content-type-builder (>=4.0.0-next.10 <=4.26.0)
@strapi/plugin-content-type-builder NPM version =4.0.0-next.10, =0.1.0, =4.12.2, =0.0.1, =1.0.9, =1.3.2, =4.1.12, =0.2.0, =1.0.0-alpha.2, =1.1.0, =1.4.0-rc.0 - @mtcndyl/strapi-plugin-firebase-auth =1.0.3 and more Source cves: CVE-2026-22599 Source advisory:...
Wazuh Security Vulnerability
Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.2 have security vulnerabilities; these...
EUVD-2026-9017
The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-24421
Summary: CVE-2026-24421 affects phpMyFAQ before 4.0.17. Versions 4.0.16 and earlier have flawed authorization logic that exposes the /api/setup/backup endpoint to any authenticated user. The code uses userIsAuthenticated() without verifying configuration/admin permissions, allowing non-admin user...
WordPress plugin WP Adminify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-61101
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
Shell Script Compiler Security Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A security vulnerability exists in Shell Script Compiler version 4.0.3 and earlier, which stems from a stack buffer overflow in the file src/shc.c, function make...
Jenkins plugin Cadence vManager Security Vulnerability
Jenkins and Jenkins plugin are both open-source Jenkins products. Jenkins is an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
WordPress Zoho forms plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Zoho Forms versions <= 4.0...
SUSE CVE-2023-41038
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...
CVE-2021-22281
Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12...
PT-2023-20764 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.04 and earlier Description: A PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Recommendations: For Xpdf versions 4.04 and earlier, consider updating to a newer version to mitigate the...
SUSE CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it...
CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG...
com.slyak:slyak-web-bootstrap (>=1.0.3.RELEASE <=1.0.4.RELEASE), de.smartsquare.squit:de.smartsquare.squit.gradle.plugin (>=2.0.0 <=2.2.0) +23 more potentially affected by CVE-2018-14042 via org.webjars:bootstrap (>=4.0.0 <=4.1.1)
org.webjars:bootstrap MAVEN version =4.0.0, =1.0.3.RELEASE, =2.0.0, =2.1.0, =2.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.3 - org.orienteer:orienteer-architect =1.4 - org.orienteer:orienteer-birt =1.4 - org.orienteer:orienteer-bpm =1.4 - org.orienteer:orienteer-camel =1.4 -...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:PYSEC-2017-26...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:PYSEC-2017-67...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-03716)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides a portal, e-mail, bookmarks, scheduling, a bulletin board, document management, etc., and supports free switching among three languages: Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...
DEBIAN-CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password...