DiceBear security vulnerability
DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...
CVE-2025-47147
Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...
SUSE CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...
DEBIAN-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2022-4940
creationtimestamp | type | source
--- | --- | ---
2026-01-04 21:02:59+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mbmt47va2r2h...
PT-2026-22384
Name of the Vulnerable Software and Affected Versions: calibre versions prior to 9.4.0. Description: calibre is an e-book manager for viewing, converting, editing, and cataloging e-books. An HTTP Response Header Injection exists in the calibre Content Server for versions before 9.4.0. An authenticate...
EUVD-2025-30903
Malicious code in bioql PyPI...
CVE-2025-11005
The CVE-2025-11005 issue affects TOTOLINK X6000R, where OS Command Injection arises from improper neutralization of special elements in user input. Affected versions: X6000R up to and including V9.4.0cu.1458_B20250708. Root cause: failure to properly filter special elements allows an attacker to ...
CVE-2025-39400
creationtimestamp | type | source
--- | --- | ---
2025-04-25 14:07:08+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13417...
CVE-2023-49409
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...
GLPI cross-site scripting vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2023-2907 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x Description: The issue is related to improper authorization in the Hitachi Vantara Pentaho Business Analytics Server. Exploitation of this...
Katy Voor HHVM buffer error vulnerability
Katy Voor HHVM is an open source application by Katy Voor. It provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from an out-of-bounds write when a buffer is full. The following products and versions are affected: HHV...
CVE-2021-27190
A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can ste...