CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
Text Generation Web UI Path Traversal Vulnerability
Text Generation Web UI is a local AI user interface developed by the individual developer oobabooga. Versions of Text Generation Web UI prior to 4.1.1 contained a path traversal vulnerability. This vulnerability stems from allowing extended settings to be saved in the py format, which can overwrite...
CVE-2026-34973
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string (via escape) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string does not escape SQL LIKE...
CVE-2026-27746 SPIP jeux < 4.1.1 Reflected XSS via index Parameters
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...
CVE-2026-24875
CVE-2026-24875 concerns yoyofr modizer prior to 4.1.1, with an Integer Overflow or Wraparound vulnerability in the modizer component. The issue is described as affecting modizer before 4.1.1, with a CVSS v3.1 base score of 7.8 (HIGH) and impact to Confidentiality, Integrity, and Availability (all...
PT-2026-4964
Integer Overflow or Wraparound vulnerability in yoyofr modizer. This issue affects modizer: before 4.1.1...
RHEL 8 : nodejs:14 (RHSA-2023:1742)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1742 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Smarty Code Injection Vulnerability
Smarty is a PHP-based template engine that helps to separate the presentation (HTML/CSS) from the application logic. A code injection vulnerability exists in Smarty versions 3.1.x prior to 3.1.45 and 4.1.x prior to 4.1.1, which can be exploited by a remote attacker to send a specially crafted...
WordPress plugin Popup Builder SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in...
Zammad Command Injection Vulnerability
Zammad is a web-based open source help desk/customer support system. A command injection vulnerability exists in versions of Zammad prior to 4.1.1. An attacker could exploit the vulnerability to inject commands via custom packages...
Zammad Security Vulnerability
Zammad is a web-based open source help desk/customer support system. A remote code execution vulnerability exists in versions of Zammad prior to 4.1.1. An attacker could exploit the vulnerability by sending a specially crafted request to Zammad to execute code on the server...
Zammad Code Issue Vulnerability
Zammad is an open source web-based help desk/customer support system. A remote code execution vulnerability exists in the Form functionality of Zammad versions prior to 4.1.1. The vulnerability stems from improper handling of deserialization. An attacker could exploit the vulnerability to execute...