10 matches found
scitokens path traversal vulnerability
Scitokens is an open-source science computing token library developed by SciTokens. Versions of SciTokens prior to 1.9.7 contained a path traversal vulnerability. This vulnerability allowed attackers to use dots .. in token scope declarations, thereby circumventing the intended directory...
CVE-2025-59555
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion. This issue affects Medizin: from n/a through 1.9.7...
Slack Nebula security vulnerability
Slack Nebula is a scalable overlay network tool from Slack open source. A security vulnerability exists in Slack Nebula versions prior to 1.9.7 that stems from improper CIDR handling in certain configurations, which could lead to the acceptance of arbitrary source IP addresses in the Nebula netwo...
CVE-2025-59555
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion. This issue affects Medizin: from n/a through 1.9.7...
CVE-2025-59555 WordPress Medizin Theme < 1.9.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion. This issue affects Medizin: from n/a through 1.9.7...
PT-2023-29855 · Sbt +1
Name of the Vulnerable Software and Affected Versions: sbt versions prior to 1.9.7 Description: The issue allows writing of arbitrary files given a specially crafted zip or JAR file, utilizing IO.unzip. This could potentially overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip ...
CVE-2021-24846
The getquery function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocosajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by...
WordPress plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress Compact WP Audio Player plugin in versions prior to 1.9.7, which stems from the fact that the web application does not adequatel...
Catalyst Mahara 'add to watchlist' cross-site scripting vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in the 'add to watchlist' link in Catalyst Mahara versions 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04...
ALPINE-CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...