CVE-2026-42677
CVE-2026-42677 concerns the WordPress WP Document Revisions plugin,
CoolerControl Cross-Site Scripting Vulnerability
CoolerControl is open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored cross-site scripting flaw in the log viewer, which could allow...
CVE-2026-33942
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...
CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
DEBIAN-CVE-2025-1647
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...
PT-2025-4596 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue is related to missing authorization, allowing any authenticated user to access and modify the global Coolify instance OAuth configuration. This exposes sensitive information,...
PT-2024-27362 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0; OpenHarmony version 4.0.0 Description: The issue allows a remote attacker to execute arbitrary code in pre-installed apps through an out-of-bounds write. Recommendations: For OpenHarmony version 4.0.0, upda...
PT-2024-24935 · WordPress · Logo Slider
Name of the Vulnerable Software and Affected Versions: The Logo Slider WordPress plugin versions prior to 4.0.0 Description: The issue concerns the lack of validation and escaping of certain Slider Settings in the plugin, which could allow users with the contributor role and above to perform Stor...
CVE-2023-6280
An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network...
Apache Airflow Input Validation Error Vulnerability
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and supports dynamic monitoring, among other features. An input validation error vulnerability exists in the Apache Airflow Sqoop Provider...
GHSA-C732-XVV8-G94C Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
Engine.IO Security Vulnerability
Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer. A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, and in 4.0.0 and later prior to 6.2.1, which stems from a failure to properly handle...
Mastodon Security Vulnerability
Mastodon is an open source social networking server based on ActivityPub. A security vulnerability exists in Mastodon versions prior to 4.0.0, which stems from an improper restriction on excessive authentication attempts...
PT-2022-17352 · WordPress · Enable Media Replace
Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.0.0 Description: The issue allows high privilege users, such as admins, to potentially move files outside the Upload folder to the web root directory via a path traversal attack...
npm markdown-link-extractor Security Vulnerability
npm markdown-link-extractor is used to extract links from Markdown text. npm markdown-link-extractor versions prior to 3.0.2 and 4.0.0 contain a denial of service vulnerability that stems from not properly handling incoming error messages, which could be exploited by an attacker to cause a denial...
Mattermost Server vulnerable to XSS via an uploaded file
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file...
Mattermost Server Code Issue Vulnerability (CNVD-2020-35336)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.0.0, prior to 3.10.2, and prior to 3.9.2, which stems from the program's failure to disable a session. No details of the...
Juniper Contrail Service Orchestration Hard-Coded Credentials Vulnerability (CNVD-2019-19205)
Juniper Contrail Service Orchestration (CSO) is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. A hard-coded credentials vulnerability exists in Juniper CSO versions prior to 4.0.0. The vulnerability stems from the fact...
CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
Revive Adserver Elevation of Privilege Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.5 and 4.0.0, which stems from the...