54696 matches found
CVE-2026-27116
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While...
CVE-2026-23627
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
EUVD-2025-208123
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
BIT-PYTORCH-2025-2149 PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zeropoint leads to improper initialization. The attack needs to be approached...
CVE-2026-27621
TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting XSS vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a...
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
📄 OpenBabel 3.1.1 Parsing Issues
This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...
Docker Desktop < 4.62.0 Out of Bounds Read
The version of Docker Desktop is prior to 4.62.0. It is therefore affected by an out of bounds read vulnerability. - An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local...
CVE-2026-27116
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
EUVD-2026-8749
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module...
CVE-2026-27116
Vikunja has a reflected HTML injection in the Projects module prior to version 2.0.0: the URL parameter filter is rendered into the DOM without output encoding when clicking “Filter.” Scripts/iframes are blocked, but SVG, links, and formatting tags may render, enabling SVG-based phishing buttons,...
CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
CVE-2026-26984 LORIS media module vulnerable to remote code execution
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to...
CVE-2026-26984
CVE-2026-26984 affects the LORIS media module. An authenticated user with sufficient privileges can abuse a path traversal flaw to upload a malicious file to an arbitrary server location, enabling remote code execution (RCE). Vulnerable versions are before 26.0.5, 27.0.2, and 28.0.0; fixed in 26....
EUVD-2026-8746
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to...
CVE-2026-26984 LORIS media module vulnerable to remote code execution
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to...
CVE-2026-26984 LORIS media module vulnerable to remote code execution
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to...
CVE-2026-23627
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
DRUPAL-CONTRIB-2026-016
This module integrates with Islandora, an open-source digital asset management DAM framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...