11 matches found
DiceBear 安全漏洞
DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...
CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...
PT-2025-43963
Name of the Vulnerable Software and Affected Versions Bdtask Pharmacy Management System versions prior to 9.4 Description A flaw exists in Bdtask Pharmacy Management System that allows for authorization bypass. This occurs through manipulation of an unknown function within the /user/edit user/ fi...
Astro 输入验证错误漏洞
Astro is an Astro open source web framework for content-driven websites. An input validation error vulnerability exists in Astro versions prior to 9.4.1, which stems from a flaw in the redirection feature that could lead to an open redirection attack...
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
Laravel platform cross-site scripting vulnerability
Laravel platform is a free Laravel extension library from the Laravel team Laravel. The extension library has basic business logic to quickly build admin pages and basic pages. A cross-site scripting vulnerability exists in platform versions prior to 9.4.4, which stems from an inline attribute th...
UBUNTU-CVE-2019-13239
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...
ALPINE-CVE-2017-7548
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service...