Linux Distros Unpatched Vulnerability : CVE-2026-44899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...
CVE-2026-44708
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to version 3.2.1, uploading a JPEG with an optional password leads the password to be passed into an expect command and then into a bash -c command without sanitization. An unauthenticated attacker can achieve root-level RCE inside th...
SCEditor Cross-Site Scripting Vulnerability
SCEditor is a visual editor developed by Sam Personal Developer. Versions of SCEditor prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup of configuration options passed to sceditor.create, which could lead to cross-site scripting...
CVE-2025-66532 WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Powerlift: from n/a through 3.2.1...
EUVD-2025-31085
Malicious code in bioql PyPI...
CVE-2025-10449
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1...
CVE-2025-10449 Path Traversal in Saysis Computer Systems' Saysis Web Portal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1...
Linux Distros Unpatched Vulnerability : CVE-2024-38441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in...
CVE-2025-26898 WordPress Traveler theme < 3.2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler. This issue affects Traveler: from n/a through 3.2.1...
PT-2025-6729 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: Perfex Crm versions prior to 3.2.1. Description: The issue allows an authenticated attacker to send a crafted HTTP POST request to the "upload sales file" endpoint. By providing malicious input in the rel id parameter, combined with improper...
PT-2025-5095 · Gold Plugins · Gold Plugins Easy Faqs
Name of the Vulnerable Software and Affected Versions: Gold Plugins Easy FAQs versions prior to 3.2.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject maliciou...
WordPress Plugin WP Dummy Content Generator Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
CVE-2023-2624
The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator...
Nuxt.js Cross-Site Scripting Vulnerability
Nuxt.js is an open source web application framework based on Vue.js, Node.js, Webpack and Babel.js. A cross-site scripting (XSS) vulnerability exists in Nuxt.js versions prior to 3.2.1...
gdnsd Buffer Overflow Vulnerability
gdnsd is a DNS server written in C. It can be used as a server for the DNS server. A buffer error vulnerability exists in the 'setipv6' function of the zscanrfc1035.rl file in gdnsd versions prior to 2.4.3 and 3.x versions prior to 3.2.1. The vulnerability stems from a network system or product...
UBUNTU-CVE-2016-5844
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file...