19 matches found

CNNVD
added 2026/05/29 12:0 a.m. · 5 views

Shopper security vulnerability

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the management tables for PaymentMethods, Currencies, and Carriers rendering inline switching options and...

CVSS 6.5 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 2
OSV
added 2026/04/16 5:16 p.m. · 2 views

ALPINE-CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

CVSS 2.9 · AI score 5.4 · EPSS 0.00013
Exploits 0 · References 1
RedhatCVE
added 2026/03/26 5:1 p.m. · 0 views

CVE-2026-24369

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through 2.8.0...

CVSS 7.1 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 1
NVD
added 2026/03/25 5:16 p.m. · 2 views

CVE-2026-24370

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS. This issue affects The Grid: from n/a through 2.8.0...

CVSS 6.5 · EPSS 0.00045
Exploits 0 · References 1
Positive Technologies
added 2026/03/25 12:0 a.m. · 3 views

PT-2026-27852

Name of the Vulnerable Software and Affected Versions: The Grid versions prior to 2.8.0. Description: An authorization issue exists in Theme-one The Grid. The problem stems from incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update Th...

CVSS 7.1 · AI score 5.9 · EPSS 0.00055
Exploits 0 · References 3
NVD
added 2026/01/22 5:16 p.m. · 2 views

CVE-2026-24368

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through 2.8.0...

CVSS 5.3 · EPSS 0.00051
Exploits 0 · References 1
RedhatCVE
added 2026/01/07 9:16 a.m. · 6 views

CVE-2025-1774

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...

CVSS 6.3 · AI score 7.5 · EPSS 0.00163
Exploits 0 · References 1
RedhatCVE
added 2025/11/27 4:59 p.m. · 7 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

CVSS 6.5 · AI score 4.3 · EPSS 0.00014
Exploits 0 · References 1
Tenable Nessus
added 2025/08/25 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-9645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has...

CVSS 7.5 · AI score 6.8 · EPSS 0.00216
Exploits 0 · References 2
Positive Technologies
added 2025/08/19 12:0 a.m. · 4 views

PT-2025-33853 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0. Description: flaskBlog is a blog application built with Flask. A stored cross-site scripting (XSS) issue exists due to a lack of validation for the content of a post stored in the postContent variable. The...

CVSS 5.4 · AI score 5.4 · EPSS 0.00049
Exploits 1 · References 6
NVD
added 2025/03/17 3:15 p.m. · 7 views

CVE-2025-1774

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...

CVSS 6.3 · EPSS 0.00163
Exploits 0 · References 3
Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-8378 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.0. Description: The issue allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access...

CVSS 4.3 · AI score 4.5 · EPSS 0.00091
Exploits 0 · References 18
CNNVD
added 2023/12/21 12:0 a.m. · 2 views

Apache Airflow access control error vulnerability

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow versions prior to 2.8.0,...

CVSS 6.5 · AI score 6.4 · EPSS 0.00041
Exploits 0 · References 4
CNNVD
added 2023/07/16 12:0 a.m. · 13 views

Layui cross-site scripting vulnerability

Layui is an open-source Web UI component library that follows the original development model. A cross-site scripting vulnerability exists in versions prior to layui v2.8.0-rc.16. The vulnerability stems from an unknown part of the component HTML Attribute Handler, which leads to cross-site...

CVSS 6.1 · AI score 4.6 · EPSS 0.00096
Exploits 1 · References 5
Positive Technologies
added 2022/02/03 12:0 a.m. · 1 view

PT-2022-15075 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected. Description: The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. This issue can be exploited b...

CVSS 7.1 · AI score 6.3 · EPSS 0.0022
Exploits 1 · References 13
Positive Technologies
added 2022/02/03 12:0 a.m. · 2 views

PT-2022-15065 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1 and earlier; TensorFlow versions 2.6.3 and earlier; TensorFlow versions 2.5.3 and earlier. Description: The implementation of Dequantize does not fully validate the value of axis and c...

CVSS 8.8 · AI score 8.5 · EPSS 0.00291
Exploits 1 · References 13
CNNVD
added 2021/08/13 12:0 a.m. · 3 views

Discourse code issue vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

CVSS 7.5 · AI score 5.7 · EPSS 0.00322
Exploits 0 · References 3
Positive Technologies
added 2021/01/12 12:0 a.m. · 5 views

PT-2021-12113 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2; Combodo iTop versions prior to 2.8.0. Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...

CVSS 9.8 · AI score 7.1 · EPSS 0.20737
Exploits 12 · References 64
OSV
added 2020/10/21 8:15 p.m. · 2 views

CVE-2020-27344

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS...

CVSS 6.1 · AI score 6.4
Exploits 0 · References 2