WordPress plugin Visualizer Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Paramiko Encryption Issue Vulnerability
Paramiko is an open-source implementation of the SSHv2 protocol, written entirely in Python. It provides both client and server functionality. Versions of Paramiko prior to 4.0.0 have vulnerabilities related to encryption, which stem from the use of the SHA-1 algorithm in the rsakey.py module...
CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a pat...
EUVD-2026-14700
NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...
CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-40937
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...
CVE-2025-27394
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...
PT-2025-7723 · Unknown · Photo Gallery
Name of the Vulnerable Software and Affected Versions: Photo Gallery Responsive versions prior to 4.0. Description: A Cross-Site Request Forgery (CSRF) issue allows Privilege Escalation. This issue enables an attacker to perform actions on behalf of another user without their knowledge or consent...
PT-2024-16963
Name of the Vulnerable Software and Affected Versions: django CMS versions prior to 4.0. Description: The issue is related to improper neutralization of input during web page generation, leading to a Cross-Site Scripting (XSS) vulnerability. This allows for stored XSS attacks. The estimated number of...
Omeka S Cross-Site Scripting Vulnerability
Omeka S is an open source web content management system (CMS) from Omeka, Inc. that specializes in creating and managing digital exhibitions and online digital archives. It is a new version of the Omeka project, and unlike the traditional Omeka Classic, Omeka S emphasizes multi-user collaboration a...
CVE-2023-22886
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. The Airflow JDBC Provider Connection's Connection URL parameters had no restrictions, which made it possible to carry out RCE attacks via different types of JDBC drivers and obtain Airflow server permission...
CVE-2023-1258
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware web service modules allows Footprinting. This issue affects Flow-X: before 4.0...
SUSE CVE-2013-4156
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file...
GHSA-G24C-FX4V-XG9W Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider: session invalidation was mishandled...
wolfSSL encryption issue vulnerability (CNVD-2020-50525)
wolfSSL (formerly known as CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. A security vulnerability exists in the ecc.c file in wolfSSL versions prior to 4.4.0. No details of the vulnerability are provided at th...
PT-2020-8449
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.0.0; Mattermost Server versions 3.10.2 and earlier; Mattermost Server versions 3.9.2 and earlier. Description: An issue allows CSRF to occur if CORS is enabled. Recommendations: For versions prior to 4.0.0,...
CVE-2020-13803
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures...
CVE-2017-5907
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
DEBIAN-CVE-2015-4036
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function w...
PT-2016-7111 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.0. Description: The issue is related to the mismanagement of locks during certain migrations in the performance subsystem of the Linux kernel. This allows local users to gain privileges via a crafted applicatio...