16 matches found

Positive Technologies
added 2026/04/15 12:0 a.m., 4 views

PT-2026-33035

Name of the Vulnerable Software and Affected Versions: @fastify/express versions prior to 4.0.5. Description: An issue exists where the software fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows an unauthenticated...

CVSS: 10 | AI score: 5.2 | EPSS: 0.00163
Exploits: 1 | References: 11

CVE
added 2026/04/08 8:30 a.m., 8 views

CVE-2026-39704

CVE-2026-39704 concerns a missing authorization (broken access control) vulnerability in the WordPress plugin Precious Metals Automated Product Pricing – Pro (nfusionsolutions). Affected versions are through 4.0.5, where improperly configured access control security levels can be exploited. The P...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.0004
Exploits: 0 | References: 1

EUVD
added 2026/02/27 9:30 a.m., 2 views

EUVD-2026-9017

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00045
Exploits: 0 | References: 5

Cvelist
added 2025/12/08 12:0 a.m., 18 views

CVE-2025-65230

Barix Instreamer v04.06 and v04.05 contain a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...

EPSS: 0.0003
Exploits: 1 | References: 2

EUVD
added 2025/10/27 3:30 a.m., 1 views

EUVD-2025-36014

Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Content: from n/a through = 4.0.5...

AI score: 6.5 | EPSS: 0.00041
Exploits: 0 | References: 2

OSV
added 2025/09/04 12:15 p.m., 0 views

CVE-2025-41046

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/960grid...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.0004
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/04 12:0 a.m., 6 views

PT-2025-35919

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0004
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/04 12:0 a.m., 3 views

PT-2025-35924

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0004
Exploits: 0 | References: 4

CNNVD
added 2025/03/20 12:0 a.m., 1 views

Xpdf Security Vulnerability

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf 4.05 and earlier versions, which stems from an integer overflow checking error in the PostScript function interpreter code,...

CVSS: 2.1 | AI score: 4.6 | EPSS: 0.00046
Exploits: 0 | References: 1

OSV
added 2025/02/24 11:15 p.m., 3 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00101
Exploits: 0 | References: 1

OSV
added 2025/02/24 11:15 p.m., 2 views

AZL-57120 CVE-2025-27144 affecting package moby-containerd-cc for versions less than 1.7.7-9

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00101
Exploits: 0 | References: 1

Positive Technologies
added 2024/04/24 12:0 a.m., 1 views

PT-2024-29390

Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier. Description: The issue is an out-of-bounds array write triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. Recommendation...

CVSS: 8.2 | AI score: 6.7 | EPSS: 0.0024
Exploits: 2 | References: 63

CNNVD
added 2024/04/24 12:0 a.m., 0 views

Xpdf Buffer Error Vulnerability

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a vulnerability that allows an attacker to trigger an out-of-bounds array write...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.0002
Exploits: 0 | References: 3

Positive Technologies
added 2024/03/26 12:0 a.m., 4 views

PT-2024-22965

Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier. Description: The issue is an out-of-bounds array write in Xpdf, triggered by a negative object number in an indirect reference in the input PDF file. This occurs when the software processes a PDF file containing a...

CVSS: 8.2 | AI score: 6.6 | EPSS: 0.0024
Exploits: 2 | References: 25

Positive Technologies
added 2020/11/23 12:0 a.m., 1 views

PT-2020-8676 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5; MongoDB Server versions prior to 3.6.10. Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00426
Exploits: 0 | References: 11

CNVD
added 2016/10/24 12:0 a.m., 1 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2016-10246)

Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins, and more. A cross-site scripting vulnerability exists in Subrion CMS version 4.0.5, which stems from the failure of...

AI score: 6.2
Exploits: 0 | References: 1