CVE-2026-44720 OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...
CVE-2026-33436 Stirling-PDF: Reflected XSS through crafted filename in file upload functionality
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...
HashiCorp Vault and HashiCorp Vault Enterprise security vulnerability
HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...
Vikunja security vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities; these vulnerabilities were due to insufficient file path cleanup, which could lead to arbitrary file overwriting and process crashes...
CVE-2025-12761 Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0...
CVE-2025-48459
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...
PT-2024-39128
Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially compromising the securit...
AZL-33325 CVE-2023-51257 affecting package jasper for versions less than 2.0.32-4
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code...
CVE-2023-2853
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softmed SelfPatron allows Reflected XSS. This issue affects SelfPatron: before 2.0...
UBUNTU-CVE-2022-43440
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable...
PT-2023-10236 · Little Apps · Little Apps Little Software Stats
Name of the Vulnerable Software and Affected Versions: Little Apps Little Software Stats versions prior to 0.2 Description: A critical issue was found in the Password Reset Handler component, specifically in the file inc/class.securelogin.php, leading to improper access controls. The complexity o...
Rust vec-const crate buffer error vulnerability
The Rust vec-const crate is a program written in the Rust language with specific functionality. Security vulnerabilities exist in versions of the Rust vec-const crate prior to 2.0.0, which can be exploited by attackers to cause memory corruption...
AZL-6751 CVE-2021-33289 affecting package ntfs-3g for versions less than 2021.8.22-1
In NTFS-3G versions 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...
flatCore CMS build cross-site scripting vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore CMS prior to version 2.0.0 build 139, which stems from the program accepting malicious client-side scripts without proper detection and can be exploited by an...
Wireshark Denial of Service Vulnerability (CNVD-2016-01444)
Wireshark is the most popular network protocol parser. A denial-of-service vulnerability exists in Wireshark version 2.0.x prior to 2.0.2, which allows remote attackers to cause a denial of service via a crafted packet...