5 matches found
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the default empty value of api.apiClientToken in API v4.0, which allowed unverified users to create...
CVE-2026-41320
Frappe HR (open-source HRMS) has a SQL injection vulnerability affecting versions prior to 15.54.0 and 14.38.1, exploitable via a specially crafted request to a specific endpoint. The root cause is improper input handling leading to information disclosure. A fix is included in versions 15.54.0 an...
CVE-2026-4668
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...
PT-2025-29613 · Cyberark · Secrets Manager +1
Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1; Secrets Manager, Self-Hosted versions 13.1 through 13.4.1. Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...
Quarkus Security Vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus that stems from a request parameter being leaked between concurrent requests if the endpoint is injected using a field that does not have a C...