7994 matches found
CVE-2026-59733
A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...
Doctor Appointment System 1.0 - SQL Injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...
AppCMS - Cross-Site Scripting
AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...
Code-Projects School Fees Payment System 1.0 - SQL Injection
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...
Langflow <= 1.8.4 - Path Traversal to RCE via File Upload
The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...
Nodejs Squirrelly - Remote Code Execution
Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
A directory traversal vulnerability in the Realtyna Translator comrealtyna component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2682 info: name: Joomla!...
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...
Malicious code in cookie-parser-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c2bd7c1b5b363e72753401f6edebf816965a625227e6523210e4620ce9bb8a cookie-parser-js impersonates the widely used cookie-parser package: it copies TJ Holowaychuk / Doug Wilson author metadata, the description, the...
RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...
Fedora 43 : firefox (2026-410580270b)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-410580270b advisory. - Updated to latest upstream 152.0.4 ---- Update to latest upstream version Tenable has extracted the preceding description block directly from the Fedora...
nodejs:22 security, bug fix, and enhancement update
An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
Updated mariadb packages fix security vulnerabilities
This update to the latest LTS version fixes some severe security vulnerabilities...
KLA91123 Multiple vulnerability in Mozilla Firefox
Multiple vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to cause denial of service, execute arbitrary code. Original advisories MFSA2026-62 Exploitation Related products Mozilla-Firefox CVE list CVE-2026-14241 critical Solution Update to the latest...
Important: Red Hat Security Advisory: Red Hat Ceph Storage
A new version of Red Hat build of Ceph Storage has been released The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1. This release updates to the latest version...
CVE-2026-9620
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
CVE-2026-9620 WP Latest Posts <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting via Post Content Image src Attribute
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...