Toonflow path traversal vulnerability
Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter url in the z.url function within the downloadApp.ts file in the downloadApp...
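The advisory above attributes the traversal to a download path that reaches the filesystem without being anchored to a base directory. The following is an added example, not Toonflow's code: a lexical check that a download handler can run on a client-supplied relative path before opening anything. DOWNLOAD_ROOT and the function name are assumptions for this example.

```typescript
// Assumed root for this example; Toonflow's real download directory is not
// named in the advisory.
export const DOWNLOAD_ROOT = "/srv/toonflow/downloads";

// Resolve a client-supplied download path against DOWNLOAD_ROOT.
// Returns the root-anchored path to serve, or null if the request must be
// rejected. The check is purely lexical (no filesystem access): it
// percent-decodes once, refuses absolute paths, NUL bytes and leftover
// encoding, then walks the segments so no ".." can climb above the root.
export function resolveDownloadPath(requested: string, root: string = DOWNLOAD_ROOT): string | null {
  let decoded: string;
  try {
    decoded = decodeURIComponent(requested);
  } catch {
    return null; // malformed percent-encoding such as "%zz"
  }
  if (decoded.length === 0 || decoded.includes("\0")) return null;
  // A residual "%" after one decode means double-encoding (e.g. %252e%252e);
  // a later layer that decodes again would turn it into "..", so refuse it.
  if (decoded.includes("%")) return null;
  // Absolute paths (POSIX, UNC-style, or drive letters) never belong in a
  // relative download name.
  if (/^([\\/]|[A-Za-z]:)/.test(decoded)) return null;

  const segments: string[] = [];
  // Treat both separators as separators so "..\\..\\" cannot slip through
  // on a host where backslash is not special.
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (segments.length === 0) return null; // would climb above the root
      segments.pop();
      continue;
    }
    segments.push(seg);
  }
  if (segments.length === 0) return null; // resolves to the root itself
  return root.replace(/\/+$/, "") + "/" + segments.join("/");
}
```

The check is deliberately conservative: a legitimate file whose name contains "%" or a backslash is refused along with the attacks. It does not follow symlinks, so if the download directory can contain links created by users, resolve the returned path with the platform's realpath and re-check that the result still starts with the root.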
CVE-2026-2349
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
EUVD-2026-15453
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-3216
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery. This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
CVE-2026-3216
CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349
CVE-2026-2349: Drupal UI Icons XSS due to improper input neutralization. Affected: UI Icons module (from 0.0.0 before 1.0.1, and from 1.1.0 before 1.1.1; 1.0.1 and 1.1.1 are the fixed releases). Condition: the vulnerability requires the UI Icons for CKEditor 5 submodule to be enabled. Root cause: insufficient sanitization of user input leading to reflecte...
SimpleJWT resource management error vulnerability
SimpleJWT is a JSON Web Token library written in PHP by Kelvin Mo as a personal project. Versions of SimpleJWT prior to 1.1.1 contained a resource management vulnerability. This vulnerability arises from the use of the PBES2 algorithm, allowing unauthenticated attackers to perform denial-of-servi...
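The snippet above names PBES2 as the source of an unauthenticated denial of service but is cut off before the mechanism. The well-known failure mode of PBES2 key wrapping (RFC 7518 section 4.8) is that the PBKDF2 iteration count p2c is taken from the attacker-controlled protected header, and the standard sets a minimum of 1000 iterations but no maximum, so a token with p2c in the billions forces the server to burn CPU before any password check can fail. The following is an added example, not SimpleJWT's code and not PHP: a TypeScript pre-check that reads the protected header of a compact-serialization JWE and refuses PBES2 tokens whose p2c is out of bounds before any key derivation runs. The cap MAX_P2C, the function names and the constructed tokens are assumptions for this example.

```typescript
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Minimal base64url codec for ASCII payloads, so the example needs neither
// Node nor browser APIs.
function base64urlDecode(s: string): string {
  let acc = 0, bits = 0, out = "";
  for (let i = 0; i < s.length; i++) {
    const v = B64URL.indexOf(s.charAt(i));
    if (v < 0) throw new Error("invalid base64url character");
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out += String.fromCharCode((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1;
    }
  }
  return out;
}

function base64urlEncode(s: string): string {
  let acc = 0, bits = 0, out = "";
  for (let i = 0; i < s.length; i++) {
    acc = (acc << 8) | (s.charCodeAt(i) & 0xff);
    bits += 8;
    while (bits >= 6) {
      bits -= 6;
      out += B64URL.charAt((acc >> bits) & 63);
      acc &= (1 << bits) - 1;
    }
  }
  if (bits > 0) out += B64URL.charAt((acc << (6 - bits)) & 63);
  return out;
}

// Assumed policy cap. RFC 7518 sets a minimum of 1000 iterations and no
// maximum; the absence of a maximum is exactly what a hostile token exploits.
export const MAX_P2C = 10_000;

export type Verdict =
  | { ok: true; header: Record<string, unknown> }
  | { ok: false; reason: string };

// Inspect the protected header (first segment) of a compact JWE before any
// key derivation or decryption is attempted.
export function checkPbes2Jwe(compactJwe: string, maxP2c: number = MAX_P2C): Verdict {
  let header: Record<string, unknown>;
  try {
    header = JSON.parse(base64urlDecode(compactJwe.split(".")[0]));
  } catch {
    return { ok: false, reason: "unparseable protected header" };
  }
  const alg = typeof header.alg === "string" ? header.alg : "";
  if (!alg.startsWith("PBES2")) return { ok: true, header }; // other algs are out of scope here
  const p2c = header.p2c;
  if (typeof p2c !== "number" || !Number.isInteger(p2c) || p2c < 1000) {
    return { ok: false, reason: "p2c missing, non-integer, or below the RFC 7518 minimum" };
  }
  if (p2c > maxP2c) {
    return { ok: false, reason: `p2c=${p2c} exceeds cap ${maxP2c}` };
  }
  return { ok: true, header };
}

// Build a compact-serialization JWE from a header object. Constructed for this
// example: the remaining four segments are placeholders, because the check
// must reject a hostile token before they are ever touched.
export function constructedJwe(header: Record<string, unknown>): string {
  return `${base64urlEncode(JSON.stringify(header))}.AAAA.AAAA.AAAA.AAAA`;
}

// A token that would cost two billion PBKDF2 rounds per decrypt attempt.
export function constructedHostileJwe(): string {
  return constructedJwe({ alg: "PBES2-HS256+A128KW", enc: "A128CBC-HS256", p2s: "c2FsdHNhbHRzYWx0", p2c: 2_000_000_000 });
}
```

Run the check on every inbound token at the edge of the service, before the JWE library is invoked; a library that is itself patched to cap p2c is the real fix, and this guard is the compensating control while that upgrade lands.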
WordPress plugin Worker for WPBakery security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that hosts personal blog sites on PHP and MySQL based servers; a WordPress plugin is an application extension for it.... A security...
Peppol-py code issue vulnerability
Peppol-py is a Python library open-sourced by Iteras. A code issue vulnerability exists in Peppol-py versions prior to 1.1.1, which stems from a Saxon misconfiguration that could lead to an XXE attack...
CVE-2025-61837 Format Plugins | Heap-based Buffer Overflow (CWE-122)
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-31940
Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. An unprivileged software adversary with an authenticated user, combined with a high-complexity attack, may enable escalation of...
CVE-2010-2577
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php...
Cuba JPA web API cross-site scripting vulnerability
The Cuba JPA web API is an open source CUBA Platform framework component for rapid development of enterprise Java applications. A cross-site scripting vulnerability exists in Cuba JPA web API versions prior to 1.1.1, which stems from improper file path manipulation and could lead to malicious...
CVE-2024-13243
Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1...
Firecrawl code issue vulnerability
Firecrawl is an open source AI web crawler tool from Mendable.ai. A code issue vulnerability exists in Firecrawl versions prior to 1.1.1, which stems from the presence of a server-side request forgery (SSRF) vulnerability that allows for the disclosure of local network resources via the API...
PT-2024-24921 · Conform · Conform
Name of the Vulnerable Software and Affected Versions: Conform versions prior to 1.1.1 Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-20447 · Npm · @Urql/Next
Name of the Vulnerable Software and Affected Versions: @urql/next versions prior to 1.1.1 Description: The @urql/next package is vulnerable to XSS due to improper escaping of html-like characters in the response-stream. To exploit this, an attacker would need to ensure that the response returns...