20 matches found
Vikunja Security Vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection in the migration helper functions, which could lead to server-side request forgery...
Vikunja Security Vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient checks for read permissions when returning related tasks, which could lead to information leaks...
PT-2026-24472
Name of the Vulnerable Software and Affected Versions: gleam-wisp wisp versions 2.1.1 through 2.2.0. Description: A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...
CVE-2026-25878
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users...
GHSA-QCFC-HMRC-59X7 Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...
TrustedFirmware-M Security Vulnerability
TrustedFirmware-M is a firmware system for microcontrollers open-sourced by TrustedFirmware UK. A security vulnerability exists in TrustedFirmware-M versions prior to 2.1.3 and prior to 2.2.1, which stems from insufficient length validation during a firmware upgrade, and may result in a buffer...
VulnCheck KEV: CVE-2024-37497
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1...
QNAP Systems QuMagie Command Injection Vulnerability
QNAP Systems QuMagie is a QTS photo management application from QNAP Systems. A command injection vulnerability exists in QNAP Systems QuMagie prior to version 2.2.1, which stems from the presence of an operating system command injection vulnerability that could allow an authenticated user to...
WordPress plugin ConvertKit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18925 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.2.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute. This could b...
WordPress Plugin YaySMTPr Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin YaySMTP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-1527
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Unspecified Vulnerability in Google Tensorflow (CNVD-2020-57075)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow versions prior to 2.2.1, 2.3.1, which can be exploited by an attacker to cause memory leakage issues...
PT-2020-14273 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: The Shard API in TensorFlow expects the last argument...
PT-2020-14280 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: A crafted TFLite model can force a node to have as...
Jooby Environmental Issues Vulnerability
Jooby is a modular micro-Web framework for Java and Kotlin. An environmental issue vulnerability exists in Jooby versions prior to 2.2.1 that stems from a user input validation error in the response header. A remote attacker can exploit this vulnerability to inject arbitrary HTTP headers...
CVE-2019-15839
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion...
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/filemanager/filemanager/editfile...
Double free
queryparams.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...