9 matches found
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
Exploit for CVE-2025-2304
CVE-2025-2304-Camaleon-C...
CVE-2022-1910
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
DEBIAN-CVE-2021-3518
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...
WordPress plugin Tree Sitemap 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . An authorization issue vulnerability exists in versions o...
Solidus Input Validation Error Vulnerability
Solidus is an open source e-commerce system. An input validation error vulnerability exists in Solidus versions prior to 2.8.6, prior to 2.9.6, and prior to 2.10.2. The vulnerability stems from a network system or product that does not properly validate incoming data. No detailed vulnerability...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
wolfSSL buffer overflow vulnerability (CNVD-2020-13495)
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A buffer overflow vulnerability exists in wolfSSL CyaSSL versions prior to 2.9.4. The vulnerability stems from a networked system or...
PT-2018-13775
Name of the Vulnerable Software and Affected Versions Ansible Engine versions prior to 2.9 Description The issue allows for 'become' passwords to appear in EventLogs in plaintext when executing Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled. ...