CVE-2026-42842 grav-plugin-form: XSS via Taxonomy Field Values in Admin Panel
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the...
CVE-2026-33674 PrestaShop: Improper Use of Validation Framework
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...
CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (XSS) vulnerabilities in the back office (BO). An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...
GHSA-283W-XF3Q-788V PrestaShop: Improper Use of Validation Framework
Impact: Fix improper use of validation framework. Patches: Patched in 8.2.5 and 9.1.0. Workarounds: None. References: none...
PT-2026-28175
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.2.5; PrestaShop versions prior to 9.1.0. Description: PrestaShop, an open source e-commerce web application, experiences an issue due to improper use of its validation framework. No workarounds are currently...
EUVD-2026-3321
Fastify Middie Middleware Path Bypass...
CVE-2026-22031
@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). While...
CVE-2025-53900 Kiteworks MFT has a Privilege Defined With Unsafe Actions
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0...
CVE-2025-53899 Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
EUVD-2025-199897
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...
CVE-2025-53897 Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...
Kiteworks Input Validation Error Vulnerability
Kiteworks is a secure private network data software from Kiteworks, Inc. An input validation error vulnerability exists in versions of Kiteworks prior to 9.1.0 that stems from improper input validation and could result in elevated privileges on shared folders...
PT-2021-21532 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.2 Apache Traffic Server versions 9.0.0 through 9.1.0 Description: The issue is related to improper input validation in the header parsing of Apache Traffic Server, allowing an attacker to smugg...
Dell Technologies Dell PowerScale OneFS OS Command Injection Vulnerability
Dell EMC PowerScale OneFS is an API-powered file system. An elevation of privilege vulnerability exists in Dell EMC PowerScale OneFS versions 8.1.0 through 9.1.0. The vulnerability stems from the incorrect neutralization of special elements used in OS commands. An attacker with ISIPRIVLOGINSSH or...
CVE-2020-14543
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Installation. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2019-5308
Mate 20 RS smartphones with versions earlier than 9.1.0.135C786E133R3P1 have an improper authorization vulnerability. The software does not properly restrict certain operations in ADB mode; a successful exploit could allow the attacker to switch to the third desktop after a series of operations...
Unspecified Vulnerability in Oracle Hospitality Reporting and Analytics (CNVD-2019-36665)
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale (POS) data, provides operational and analytical insights into business operations, and improves efficiencies by delivering information to all roles within an organization. An unspecified vulnerabili...