6 matches found
Nextcloud Calendar security vulnerability
Nextcloud Calendar is an open source calendar application from Nextcloud. Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1 contain a security vulnerability: the calendar application allows blind booking of meetings, which could lead to...
CVE-2025-20092
Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
GHSA-4P35-CFCX-8653 Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-PX4H-XG32-Q955 ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs...
SQL injection
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome...
PT-2015-5258 · Blubrry · Blubrry Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin versions prior to 6.0.1. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a "powerpress-editcategoryfeed" action in the "powerpressadmin...