Lucene search

28 matches found

NVD
added 2026/05/14 9:16 p.m., 4 views

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

CVSS 8.3 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2026/02/21 12:16 a.m., 1 view

CVE-2026-27189

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

CVSS 6.6 | EPSS 0.00005
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/28 8:2 p.m., 4 views

CVE-2025-13986 Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass. This issue affects Disable Login Page: from 0.0.0 before 1.1.3...

AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:0 a.m., 3 views

Drupal: Vulnerability in the Disabled Login Page

Drupal Disable Login Page is a content blocking plugin for the Drupal community. Versions of Drupal Disable Login Page prior to 1.1.3 contained a security vulnerability. This vulnerability stemmed from an authentication bypass mechanism, which could lead to unauthorized functionality...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/22 12:0 a.m., 2 views

PT-2025-43164

Name of the Vulnerable Software and Affected Versions: CMSSuperHeroes Wastia versions prior to 1.1.3. Description: A flaw exists in CMSSuperHeroes Wastia that permits the unrestricted upload of files with dangerous types. This allows for the upload of a Web Shell to a Web Server. Recommendations...

CVSS 10 | AI score 6.7 | EPSS 0.00066
Exploits: 0 | References: 4

CNNVD
added 2023/12/26 12:0 a.m., 2 views

WordPress plugin WP Mail Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00314
Exploits: 2 | References: 2

Positive Technologies
added 2023/12/26 12:0 a.m., 3 views

PT-2023-32234 · WordPress · Wp Mail Log

Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3. Description: The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can...

CVSS 8.8 | AI score 8.9 | EPSS 0.00224
Exploits: 2 | References: 6

SUSE CVE
added 2023/02/15 3:39 a.m., 3 views

SUSE CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVSS 8.1 | AI score 7.9 | EPSS 0.00055
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:39 a.m., 2 views

SUSE CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVSS 9.6 | AI score 7.1 | EPSS 0.00053
Exploits: 0 | References: 4

OSV
added 2022/05/13 1:48 a.m., 2 views

GHSA-VPCV-78CP-WHR3 Use after free in Apache Mesos

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

CVSS 7.5 | AI score 7.2 | EPSS 0.02141
Exploits: 0 | References: 3

CNNVD
added 2021/10/18 12:0 a.m., 2 views

Pacemaker authorization issue vulnerability

Pacemaker is a scalable, high-availability cluster resource manager. An authorization issue vulnerability exists in Pacemaker: the product's stonith-ng passes passwords as command-line arguments. This vulnerability can be exploited to obtain the HA stack password. The following products and...

CVSS 5.5 | AI score 7 | EPSS 0.00041
Exploits: 0 | References: 2

CNNVD
added 2021/03/18 12:0 a.m., 1 view

shescape argument injection vulnerability

shescape is a simple open source shell escaping package for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. A command injection vulnerability exists in versions of shescape prior to 1.1.3, which can be exploited by an attacker to insert a...

CVSS 7.8 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 6

CNNVD
added 2021/03/05 12:0 a.m., 1 view

Rafael França activerecord-session_store security vulnerability

Rafael França activerecord-session_store is an open source application by Rafael França. A default class is provided, but any object with a textual sessionid and data attribute duck-typed into the Active Record Session class is sufficient. A security vulnerability exists in all versions of...

CVSS 5.3 | AI score 6.8 | EPSS 0.00136
Exploits: 0 | References: 5

RedHat Linux
added 2020/11/09 12:4 p.m., 2 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.00465
Exploits: 0 | References: 4

RedHat Linux
added 2020/10/14 3:50 p.m., 2 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.00465
Exploits: 0 | References: 4

CNVD
added 2019/12/18 12:0 a.m., 3 views

Dell XPS 13 2-in-1 BIOS misconfiguration vulnerability

The Dell XPS 13 2-in-1 is a laptop computer from Dell USA. The BIOS is one of the basic input and output systems. A misconfiguration vulnerability exists in the Dell XPS 13 2-in-1 7390 BIOS versions prior to 1.1.3. A local attacker could exploit the vulnerability to read or write to main memory...

CVSS 7.6 | AI score 6.4 | EPSS 0.00227
Exploits: 0 | References: 1

CNVD
added 2019/07/09 12:0 a.m., 1 view

Unspecified vulnerability in deepin-clone (CNVD-2019-23973)

deepin-clone is a disk and partition backup/recovery tool. A security vulnerability exists in deepin-clone versions prior to 1.1.3. An attacker can exploit the vulnerability to gain access to mount points and prevent file system unmounting...

CVSS 7 | AI score 7 | EPSS 0.00035
Exploits: 0 | References: 1

CNVD
added 2019/03/07 12:0 a.m., 1 view

OFCMS backend ueditor uploadScrawl file upload vulnerability

OFCMS is a content management system based on Java technology. A backend ueditor uploadScrawl file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files that fails to take into account the file.jsp::$DATA of the...

CVSS 7.2 | AI score 7.6 | EPSS 0.02331
Exploits: 1 | References: 1

CNVD
added 2019/03/07 12:0 a.m., 2 views

OFCMS Backend SQL Injection Vulnerability

OFCMS is a content management system based on Java technology. A backend SQL injection vulnerability exists in versions of OFCMS prior to 1.1.3. An attacker can exploit the vulnerability to launch a SQL injection attack through admin/system/generate/create?sql=...

CVSS 7.2 | AI score 7.9 | EPSS 0.0026
Exploits: 1 | References: 1

OSV
added 2019/03/06 10:29 p.m., 2 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

CVSS 7.2 | AI score 7.3
Exploits: 0 | References: 1