
42 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | views: 1

Astra Linux - vulnerability in node-loader-utils

A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...

CVSS 9.8 | AI score 7.2 | EPSS 0.18844
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/08 12:0 a.m. | views: 6

PT-2026-38966

Name of the Vulnerable Software and Affected Versions: ai-scanner versions 1.0.0 through 1.4.0. Description: Remote code execution is possible via JavaScript injection in the BrowserAutomation::PlaywrightService function. This software is an AI model safety scanner built on NVIDIA garak...

CVSS 9.9 | AI score 6.2 | EPSS 0.00321
Exploits: 1 | References: 10
CNNVD
added 2026/03/31 12:0 a.m. | views: 2

scitokens security vulnerability

Scitokens is an open-source science computing token library developed by SciTokens. Versions of Scitokens prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the library’s practice of normalizing path components within tokens before authorization, which could lea...

CVSS 8.3 | AI score 5.8 | EPSS 0.00311
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/23 9:18 p.m. | views: 3

CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVSS 6.9 | AI score 5.5 | EPSS 0.00049
Exploits: 1 | References: 4
RedhatCVE
added 2026/02/21 7:30 p.m. | views: 4

CVE-2025-69330

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS. This issue affects Prestige: from n/a through 1.4.1...

CVSS 7.1 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/21 7:30 p.m. | views: 4

CVE-2025-69329

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through 1.4.1...

CVSS 9.8 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 1
NVD
added 2026/02/20 4:22 p.m. | views: 3

CVE-2025-69329

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through 1.4.1...

CVSS 9.8 | EPSS 0.00061
Exploits: 0 | References: 1
Cvelist
added 2026/02/20 3:46 p.m. | views: 17

CVE-2025-69330 WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS. This issue affects Prestige: from n/a through 1.4.1...

CVSS 7.1 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/20 3:46 p.m. | views: 2

CVE-2025-69329 WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through 1.4.1...

AI score 5.4 | EPSS 0.00061
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/20 12:0 a.m. | views: 5

PT-2026-21145

Name of the Vulnerable Software and Affected Versions: Jthemes Prestige versions prior to 1.4.1. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-Site Scripting (XSS). This means that malicious code can be injecte...

AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 3
Patchstack
added 2026/02/11 9:50 a.m. | views: 4

WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

CVSS 7.1 | AI score 5.4 | EPSS 0.00045
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/02/11 9:32 a.m. | views: 3

WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

CVSS 9.8 | AI score 5.6 | EPSS 0.00061
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2025/11/05 6:0 a.m. | views: 3

CVE-2025-10873 Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending

The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated users to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvaderaddonsforelementorformssendform action...

AI score 6.6 | EPSS 0.00074
Exploits: 0 | References: 1
CNNVD
added 2025/10/15 12:0 a.m. | views: 2

Alloy security vulnerability

Alloy is a library in Rust open sourced by Alloy. A security vulnerability exists in Alloy versions prior to 0.8.26 and prior to 1.4.1, which stems from the mishandling of malformed input by alloydynabi::TypedData, which could lead to a denial-of-service attack...

CVSS 7.5 | AI score 6.4 | EPSS 0.0004
Exploits: 0 | References: 6
CNNVD
added 2024/10/17 12:0 a.m. | views: 1

WordPress plugin Classic Editor and Classic Widgets SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.5 | AI score 7.8 | EPSS 0.00451
Exploits: 0 | References: 2
CNNVD
added 2024/08/02 12:0 a.m. | views: 3

AJ-Report security vulnerability

AJ-Report is an open source visual design tool from anji-plus. A security vulnerability exists in AJ-Report versions prior to 1.4.1, which originates from a remote, unauthenticated attacker who can attach swagger-ui to an HTTP request to bypass authentication and execute arbitrary Java on the...

CVSS 9.8 | AI score 7.4 | EPSS 0.74583
Exploits: 1 | References: 7
CNNVD
added 2024/02/22 12:0 a.m. | views: 3

Hertzbeat Security Vulnerabilities

Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1, which stems from a JNDI injection in the JmxCollectImpl.java implementation of JMXConnectorFactory.connect...

CVSS 9.8 | AI score 7.1 | EPSS 0.04232
Exploits: 1 | References: 3
CNNVD
added 2024/01/22 12:0 a.m. | views: 2

node-server path traversal vulnerability

node-server is an adapter that allows users to run Hono applications on Node.js. A path traversal vulnerability exists in node-server version 1.3.0 through versions prior to 1.4.1, which stems from an inability to resolve double dots in a URL...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 1 | References: 5
CNNVD
added 2023/10/30 12:0 a.m. | views: 1

CloudExplorer Lite License Issue Vulnerability

CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An authorization issue...

CVSS 9.8 | AI score 6.8 | EPSS 0.0002
Exploits: 1 | References: 2
OSV
added 2023/07/07 5:15 p.m. | views: 1

CVE-2023-27845

SQL injection vulnerability found in PrestaShop lekerawenocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2