935 matches found
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
PT-2025-50136
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of the ''/Mobile/Compose.aspx'' API endpoint. The Message value is not proper...
PT-2025-50272
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of the ''/Mondo/lang/sys/Forms/MAI/compose.aspx'' endpoint. The...
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
Exploit for Deserialization of Untrusted Data in Getlaminas Laminas-Http
CVE-2021-3007 — Laminas/Zend HTTP Deserialization RCE ==========...
AZL-71632 CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12
CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12. A patched version of the package is available...
CVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948
The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...
Exploit for CVE-2025-41115
Grafana SCIMalform CVE-2025-41115 Overview This re...
PT-2025-48812
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
Go Ldap Admin 安全漏洞
Go Ldap Admin is an openLDAP backend management project based on Go+Vue implementation organized by China opsre. A security vulnerability exists in Go Ldap Admin 20251011 and earlier versions, which originates from the use of hard-coded encryption keys by the JWT Handler component in the...
Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...
Exploit for CVE-2021-21980
Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...
Exploit for Race Condition in Vercel Next.Js
CVE-2025-32421---Race-Condition-Vulnerability---Next.js PoC La...
CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6
CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6. A patched version of the package is available...
EUVD-2025-198855
Malicious code in @quick-start-soft/quick-markdown-compose npm...
Malicious code in @quick-start-soft/quick-markdown-compose (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4390993c4dc5c3a55b6da923961e34a8fa5caa1f06de7f3ac1ce24dba811c018 The package @quick-start-soft/quick-markdown-compose was found to contain malicious code. Source: ghsa-malware...