17 matches found
CVE-2026-40299 next-intl has an open redirect vulnerability
next-intl provides internationalization for Next.js. Applications using the next-intl middleware prior to version 4.9.1with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or...
GHSA-8F24-V5VV-GM5J next-intl has an open redirect vulnerability
Impact Applications using the next-intl middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or control characters stripped by the URL parser, so the middleware coul...
CVE-2026-2580
The CVE-2026-2580 entry concerns the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters WordPress plugin (up to v4.9.1). The root cause is insufficient escaping and insufficient preparation of an SQL query, enabling time-based SQL Injection via the ‘orderby’...
SUSE CVE-2026-23511
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
CVE-2026-23511
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
CVE-2026-23511
CVE-2026-23511 affects Zitadel, an open source identity management platform. A user enumeration flaw in login interfaces allows an unauthenticated attacker to verify the existence of valid user accounts by iterating through usernames and userIDs. The issue is present in multiple versions prior to...
ZITADEL security vulnerabilities
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. Versions of ZITADEL prior to 4.9.1 and 3.4.6 contain security vulnerabilities. These vulnerabilities stem from...
PT-2025-51434
Name of the Vulnerable Software and Affected Versions Syed Balkhi All In One SEO Pack versions through 4.9.1 Description A flaw exists in Syed Balkhi All In One SEO Pack that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. Recommendations...
SUSE CVE-2025-24016
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and...
OESA-2024-1750 python-lxml security update
The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. \ It is unique in that it combines the speed and XML feature completeness of these libraries with \ the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. \ The...
PT-2024-27514
Name of the Vulnerable Software and Affected Versions lxml versions prior to 4.9.1 Description An XML External Entity XXE vulnerability in the ebookmeta.get metadata function allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input. Recommendations F...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1222 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts (>=4.7.0 <=4.9.1)
@openzeppelin/contracts NPM version =4.7.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34459 Source advisory: OSV:GHSA-WPRV-93R4-JJ2P...
PT-2023-18813 · Vcita · Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Contact Form Builder by vcita plugin for WordPress versions up to, and including, 4.9.1 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. This...
CVE-2020-7484
VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediate...
Telegram Web and Telegram for Android Server-Side Request Forgery Vulnerability
Telegram for Android is an instant messaging application based on the Android platform.Telegram Web is its web version. A server-side request forgery vulnerability exists in the 'secret chat' feature in Telegram version 4.9.1 and Telegram Web version 0.7.0 for the Android-based platform. No...
CVE-2016-0207
IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...
CVE-2017-1155
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference : 1999754...