16 matches found
CVE-2023-52951
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...
CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2
CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2. A patched version of the package is available...
CVE-2023-52951
CVE-2023-52951 affects the Synology Note Station Client prior to version 2.2.4-703, where sensitive data is transmitted in cleartext. This enables network-level (MITM) attackers to obtain user credentials. The CVE lists a CVSS v3.1 base score of 5.9 (MEDIUM) with high confidentiality impact and n...
CVE-2026-31882
Summary: CVE-2026-31882 affects Dagu, a workflow engine. Before v2.2.4, when DAGU_AUTH_MODE=basic, SSE endpoints are accessible without credentials, allowing unauthenticated access to real-time DAG data, configurations, logs, and queue status via a flaw in buildStreamAuthOptions() where BasicAuth...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2025-54421
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the defaultkeywords crafted parameter. This vulnerability is fixe...
CVE-2025-54421 NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the defaultkeywords crafted parameter. This vulnerability is fixe...
NamelessMC Information Disclosure Vulnerability
NamelessMC is a free, easy-to-use and powerful website software for Minecraft servers from the NamelessMC team, containing tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...
UBUNTU-CVE-2025-46806
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh before 2.2.4...
CVE-2025-46807
An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh before 2.2.4...
Horde Groupware Webmail Cross-Site Scripting Vulnerability
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A security vulnerability exists in the lib/Horde/Mime/Viewer/Ooo.php file in Horde Groupware Webmail. The vulnerability stems from the fact that the file allows cross-site scripting attacks utilizin...
PT-2022-16632
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.1.9; Argo CD versions 2.2.x prior to 2.2.4. Description: The issue allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. This could enable an attacker to discover...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
CVE-2017-8080
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads...
UBUNTU-CVE-2016-6912
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values...
CVE-2007-6692
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules...