CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...
Faction security vulnerability
Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contain a security vulnerability that stems from the lack of output encoding for attachment file names during the evaluation file preview...
CVE-2026-23483 Blinko: Unauthorized Arbitrary File Read - /plugins
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...
AZL-71566 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.55.0-27
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
Fulcio security vulnerability
Fulcio is a certificate authority open-sourced by sigstore. A security vulnerability exists in Fulcio versions prior to 1.8.3; it stems from mishandling in the identity.extractIssuerURL function and could lead to memory allocation issues...
PT-2024-21285 · Intel · Intel Simics Package Manager
Name of the Vulnerable Software and Affected Versions: Intel(R) Simics Package Manager versions prior to 1.8.3. Description: The issue is related to an uncontrolled search path in some Intel(R) Simics Package Manager software, which may allow an authenticated user to potentially enable escalation of...
CVE-2023-1270
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3...
SUSE CVE-2015-5145
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service CPU consumption via unspecified vectors...
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to a Stored XSS issue when an attacker makes a logged-in admin open a malicious URL or page under their control...
PT-2022-27427 · Slixmpp +1 · Slixmpp +1
Name of the Vulnerable Software and Affected Versions: Slixmpp versions prior to 1.8.3. Description: Slixmpp lacks SSL certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. Recommendations: For versions prior to 1.8.3, update to version...
OctoPrint injection vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint versions prior to 1.8.3. An attacker could exploit the vulnerability to inject special elements...
PYSEC-2022-283
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3...
OctoPrint security vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint versions prior to 1.8.3 that stems from incorrect privilege management...
CVE-2022-2269
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default, admins), leading to an SQL injection...
YOURLS cross-site request forgery vulnerability
YOURLS is a PHP-based open-source short-link platform. A cross-site request forgery vulnerability exists in YOURLS versions prior to 1.8.3. No information about this vulnerability is available at this time; please stay tuned to CNNVD or vendor announcements...
Etherpad security vulnerability
Etherpad-Lite is a web-based open-source document editor from the Etherpad Foundation. A security vulnerability exists in Etherpad-Lite versions prior to 1.8.3 that can be exploited by attackers to cause a denial of service...
VulnCheck KEV: CVE-2021-24182
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...
VulnCheck KEV: CVE-2021-24186
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...