13 matches found
CVE-2026-27820 affecting package ruby for versions less than 3.3.5-8
CVE-2026-27820 affecting package ruby for versions less than 3.3.5-8. A patched version of the package is available...
4ga Boards security vulnerability
4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...
CVE-2026-25529 Postal has HTML injection / XSS in message view
Postal is an open source SMTP server. Postal versions less than 3.3.5 had an HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...
Linux Distros Unpatched Vulnerability : CVE-2017-15571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data. CVE-2017-15571 Note...
Linux Distros Unpatched Vulnerability : CVE-2017-15569
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value tha...
SUSE CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...
CVE-2022-41797
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a...
ByteDance Lemon8 security vulnerability
ByteDance Lemon8 is a lifestyle messaging application for young people from China's ByteDance. A security vulnerability exists in ByteDance Lemon8 versions prior to 3.3.5. The vulnerability stems from the fact that it does not have reasonably restricted access privileges, which could allow a remo...
Redmine cross-site scripting vulnerability (CNVD-2017-31957)
Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the app/views/issues/list.html.erb file in Redmine...
DEBIAN-CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...
CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the cleanhtml function...
PT-2012-3950 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.3.5 Description: The issue is related to multiple buffer overflows in the hfsplus filesystem implementation, allowing local users to gain privileges via a crafted HFS plus filesystem. Recommendations: For...
CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter...