CVE-2026-48248

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path...

CVE-2021-29357

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 and LifeTime management console before 11.7.0 allows SSRF for arbitrary outbound HTTP requests...

Missing "--allow-net" permission check for built-in Node modules

Impact Outbound HTTP requests made using the built-in "node:http" or "node:https" modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0...

CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...