
11 matches found

CNNVD
added 2026/06/08 12:0 a.m. · 1 view

samlify Security Vulnerability

Samlify is a Node.js library developed by TNGAN’s individual developers, used for SAML SSO. Versions of Samlify prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from template substitution only escaping attribute contexts, while values within element texts were not...

8.8 CVSS · 5.3 AI score · 0.00321 EPSS
Exploits 1 · References 2
CNNVD
added 2026/05/27 12:0 a.m. · 4 views

dalfox Security Vulnerability

Dalfox is an automated cross-site script scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from the REST API server mode, where the custom-payload-file field directly deserialized from the attacker’s request bod...

7.5 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits 0 · References 2
Patchstack
added 2026/05/21 5:14 p.m. · 4 views

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...

8.7 CVSS · 5.8 AI score · 0.00321 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/14 6:6 p.m. · 3 views

CVE-2026-42598 Pode: Directory Traversal is possible on Static Routes

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

6.9 CVSS · 5.8 AI score · 0.00325 EPSS
Exploits 0 · References 2
Patchstack
added 2026/04/29 11:1 a.m. · 2 views

WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PowerPack Pro for Elementor versions v2.13.0...

5.8 AI score
Exploits 0 · Affected Software 1
CBLMariner
added 2026/03/09 2:32 p.m. · 3 views

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26. A patched version of the package is available...

5.3 CVSS · 5.8 AI score · 0.00502 EPSS
Exploits 0
Positive Technologies
added 2025/10/28 12:0 a.m. · 4 views

PT-2025-44218

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.13.0 Description: FastMCP, a framework for building MCP applications, contains a command-injection issue. An attacker who can control the server name field of an MCP can execute arbitrary OS commands on Windows hosts...

7.8 CVSS · 5.7 AI score · 0.00188 EPSS
Exploits 1 · References 13
OSV
added 2025/01/09 8:15 p.m. · 2 views

CVE-2024-13284

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5...

8.8 CVSS · 5.8 AI score · 0.00189 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/12/13 12:0 a.m. · 2 views

PT-2022-27219 · Unknown · Ipti Br.Tag

Name of the Vulnerable Software and Affected Versions: ipti br.tag versions prior to 2.13.0 Description: A vulnerability was found in ipti br.tag, which has been declared as problematic. The manipulation of an unknown functionality leads to cross-site scripting. The attack can be launched remotel...

6.1 CVSS · 5.9 AI score · 0.0048 EPSS
Exploits 0 · References 7
Positive Technologies
added 2022/03/28 12:0 a.m. · 4 views

PT-2022-17492 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.13.0 Description: The issue allows an attacker to bypass body schema validation in the request-validation plugin by passing a JSON with a duplicate key. This can be achieved by sending a JSON payload such as...

9.8 CVSS · 9.4 AI score · 0.02384 EPSS
Exploits 0 · References 6
CNVD
added 2018/04/19 12:0 a.m. · 1 view

Mautic Information Disclosure Vulnerability

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.x and version 2.x prior to 2.13.0. An attacker could exploit the vulnerability to retrieve contact...

7.5 CVSS · 6.8 AI score · 0.01177 EPSS
Exploits 0 · References 1