
9 matches found

EUVD
added 2026/06/08 3:15 p.m. | 7 views

EUVD-2026-35091

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue...

6.9 CVSS | 5.3 AI score | 0.00182 EPSS
Exploits: 0 | References: 2
OSV
added 2026/04/06 5:17 p.m. | 1 views

UBUNTU-CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if t...

7.5 CVSS | 5.9 AI score | 0.00274 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/09 6:30 p.m. | 4 views

EUVD-2025-33366

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1 CVSS | 6.5 AI score | 0.00202 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 8:12 a.m. | 8 views

CVE-2024-54514

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox...

8.6 CVSS | 7 AI score | 0.00248 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2023/06/09 6:16 a.m. | 1 views

CVE-2023-2484

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

7.2 CVSS | 6.9 AI score | 0.00847 EPSS
Exploits: 0 | References: 4
CNNVD
added 2023/06/09 12:0 a.m. | 3 views

WordPress Plugin Active Directory Integration SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...

7.2 CVSS | 6.9 AI score | 0.00847 EPSS
Exploits: 0 | References: 4
CNVD
added 2020/07/28 12:0 a.m. | 3 views

ihatemoney Resource Management Error Vulnerability

ihatemoney is a web-based shared budget management application. A resource management error vulnerability exists in ihatemoney pypi version 4.1.4 and prior versions, which arises from a mismanagement of system resources (e.g., memory, disk space, files, etc.) on a networked system or product, and c...

4.9 CVSS | 7 AI score | 0.01029 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/04/18 12:0 a.m. | 2 views

MikroTik FTP Daemon Denial of Service Vulnerability

MikroTik is a routing operating system based on the Linux kernel, developed by the Latvian company MikroTik. The system turns a PC into a professional router. A security vulnerability exists in MikroTik version 6.41.4. A remote attacker can exploit the vulnerability to prevent the router...

7.8 CVSS | 7 AI score | 0.13148 EPSS
Exploits: 5 | References: 1
OSV
added 2017/11/20 8:29 p.m. | 2 views

DEBIAN-CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution...

7.8 CVSS | 8 AI score | 0.02889 EPSS
Exploits: 1 | References: 1