18350 matches found
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: flux-source-controller, argo-events, melange, gitsign, grype, bom, goreleaser, gomplate, guac, zarf, flux-image-automation-controller, grafana, kots, xeol, teleport, trufflehog, k9s, external-secrets-operator, argocd-image-updater, gitaly, zot, osv-scanner, trivy,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: witness, chainctl-fips, flux-fips, kargo, external-secrets-operator, gitaly-fips, trivy-fips, kubevela-fips, pulumi-language-dotnet, snyk-cli, grafana-alloy, trufflehog, grype-fips, rancher-fleet-fips, gitaly, xeol, gomplate-fips, gitsign, src-fingerprint, flux, cg,...
SUSE CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
Siemens多款产品 跨站脚本漏洞
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of PLC/site names on the Web interface communication...
Siemens SIMATIC S7 PLC Web Server
SUMMARY SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix...
Siemens SIMATIC 跨站脚本漏洞
Siemens SIMATIC is a series of programmable control and industrial software products developed by Siemens, a German company, for industrial automation and process control applications. Siemens SIMATIC has a cross-site scripting vulnerability. This vulnerability stems from the Web interface’s moti...
CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
SUSE CVE-2026-43290
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Return buffers if streaming fails to start due to uvcpmget error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on...
kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()
A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...
EUVD-2021-34809
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...
EUVD-2022-55975
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
CVE-2022-50954
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
CVE-2021-47949
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...
CVE-2022-50954
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
PT-2026-39479
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
PT-2026-39523
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...
EUVD-2026-28939
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8196
A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...
CVE-2026-8195
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...