10 matches found
CVE-2026-42338
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...
DNN - Unrestricted Arbitrary File Upload
DNN formerly DotNetNuke < 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...
CVE-2025-64094
DNN (DotNetNuke) is affected by CVE-2025-64094 due to incomplete SVG sanitization, allowing stored XSS via uploaded SVGs. Affected versions are prior to 10.1.1; the issue stems from an incomplete fix for CVE-2025-48378 and is fixed in 10.1.1. The vulnerability enables execution of arbitrary JavaS...
PT-2025-44220
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 10.1.1. Description: DNN formerly DotNetNuke is an open-source web content management platform. Prior to version 10.1.1, the sanitization process for uploaded SVG files did not adequately address all...
PT-2025-44219
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 10.1.1. Description: DNN formerly DotNetNuke is an open-source web content management platform. Before version 10.1.1, unauthenticated users could upload files through the default HTML editing...
Zimbra Collaboration Server Access Control Error Vulnerability
Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server that stems from a logging service that sometimes...
GHSA-QM28-7HQV-WG5J OS Command Injection in ng-packagr
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option...
Avaya IP Office Contact Center Buffer Overflow Vulnerability
Avaya IP Office is a stackable, scalable, single small business communications system from Avaya, USA. The system manages voice communications, instant messaging, and e-mail through a single PC-based portal and supports a variety of drag-and-drop application tools. Contact Center is one of the...
Apple Safari 'Safari' Component Address Forgery Vulnerability
Apple Safari is a web browser developed by Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. Safari is one of the specialized components used for the Safari browser.... An address forgery vulnerability exists in the 'Safari' component of Apple Safari...
CVE-2017-2539
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...