23 matches found
CVE-2026-40184
TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...
Sony IP Cameras Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-7834)
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550,...
UBUNTU-CVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
OESA-2025-2457 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat in Expat before version 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document...
AZL-67359 CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
AZL-67328 CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
CVE-2025-59375
Summary: CVE-2025-59375 affects libexpat in Expat before 2.7.2. A small XML document can trigger large dynamic memory allocations, per multiple security advisories. Affected software: libexpat (Expat) prior to version 2.7.2. Impact (as stated): Attackers may cause large memory allocations; impact...
Schneider Electric Trio Q Licensed Data Radio Security Vulnerability
Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. A security vulnerability exists in Schneider Electric Trio Q Licensed Data Radio versions prior to v2.7.2, which stems from an insecure resource initialization that could lead to unauthorized access...
PT-2025-4916 · WordPress · Wp-Blackcheck
Name of the Vulnerable Software and Affected Versions: WP-BlackCheck versions prior to 2.7.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application...
CVE-2024-43214
Missing Authorization vulnerability in myCred. This issue affects myCred: from n/a through 2.7.2...
CVE-2023-42663
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...
Google TensorFlow Input Validation Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that tf.rawops.StagePee...
Auth0 Express OpenId Connect Input Validation Error Vulnerability
Auth0 Express OpenId Connect is an open source component of Auth0 Inc. Express.js middleware used to protect the OpenID Connect web application. An input validation error vulnerability exists in Auth0 Express OpenId Connect versions prior to 2.7.2, which stems from the vulnerability of users of t...
Combodo iTop Cross-Site Scripting Vulnerability (CNVD-2021-03527)
Combodo iTop is free software for managing hardware, software and related services. A cross-site scripting vulnerability exists in Combodo iTop versions prior to 2.7.2, 3.0.0. An attacker can exploit this vulnerability by modifying the local storage of the target browser to conduct a cross-site...
Combodo iTop Cross-Site Scripting Vulnerability
Combodo iTop is free software for managing hardware, software and related services. A cross-site scripting vulnerability exists in Combodo iTop versions prior to 2.7.2, 3.0.0. An attacker can exploit this vulnerability by modifying the local storage of the target browser to conduct a cross-site...
PT-2021-12113 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2; Combodo iTop versions prior to 2.8.0. Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...
CVE-2020-13892
The SportsPress plugin before 2.7.2 for WordPress allows XSS...
Torchbox Wagtail Cross-Site Scripting Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A cross-site scripting vulnerability exists in Torchbox Wagtail version 2.8.1 and versions prior to 2.7.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
Multiple SONY network cameras information disclosure vulnerability
SONY SNC-CH115 and others are network camera products from Sony of Japan. An information disclosure vulnerability exists in several SONY network cameras using firmware versions prior to 2.7.2. The vulnerability can be exploited by an attacker to log in to the device with administrator...