Code-Projects Project Management System SQL注入漏洞

Code-Projects Project Management System is an open-source project management system developed by Code-Projects. Version 1.0 of the Code-Projects Project Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect operations in the chk.php file of the Login...

The Fault in Our Drafts: Vulnerabilities in RPKI Specification and Software

The Resource Public Key Infrastructure RPKI secures the Internet's routing system by defining a complex trust and validation framework for certificates, Route Origin Authorizations ROAs, manifests, and Certificate Revocation Lists CRLs. These mechanisms are specified across dozens of RFCs. This...

DocSpace 安全漏洞

DocSpace is an open-source document collaboration and sharing platform developed by ONLYOFFICE. Versions of DocSpace prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow users with low privileges to access...

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The STUDENT-MANAGEMENT-SYSTEM contains a security vulnerability related to access control. This vulnerability stems from improper access control measures in the Dashboard component, which may...

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...

Debian dsa-6296 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6296 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6296-1 [email protected] https://www.debian.org/securit...

Snipe-IT 跨站脚本漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...

PT-2026-43234

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...

PT-2026-43301

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 1.18.1 Description An issue exists in the file serving endpoints '/files/' and '/file/:fileFolder/:id' where uploaded files are served using fileStream.piperes without specifying Content-Type, Content-Disposition, or...

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities stem from the fact that the preview routing does not verify...

SAP Gateway 安全漏洞

SAP Gateway is a framework based on open standards developed by SAP, a German company. This product allows non-SAP applications to connect to SAP applications, as well as access SAP applications on mobile devices. There is a security vulnerability in SAP Gateway, which allows attackers to inject...

SourceCodester CET Automated Grading System with AI Predictive Analytics 安全漏洞

SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...

Falco 0.44.0

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity XXE injection, which allows for the disclosure of local files or enables server-side request forgery SSRF, where the serve...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect due to insufficient validation of the Referer header in saveRequestReferer. An authenticated user can redirect users to arbitrary external sites by supplying a malicious Referer value during authentication. Remediation...

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...