11 matches found
CVE-2026-24674
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...
CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllabl...
PT-2026-6203
Name of the Vulnerable Software and Affected Versions: Open eClass versions prior to 4.2 Description: The Open eClass platform, previously known as GUnet eClass, is a course management system. A Stored Cross-Site Scripting (XSS) issue exists in versions before 4.2, allowing authenticated...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002990)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002990 advisory. The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). Tenable has extracted...
Open eClass Security Vulnerability
Open eClass is an open source eClass system from Greek Universities Network. A security vulnerability exists in versions of Open eClass prior to 4.2, which stems from a lack of file validation in the theme import feature and could lead to remote code execution...
CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
B&R Industrial Automation APROL Buffer Error Vulnerability
B&R Industrial Automation APROL is a production process management system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation APROL R prior to version 4.2-07, which stems from insufficient validation of input parameters, resulting in a buffer...
PT-2022-8326 · Unknown · S::Can Moni::Tools
Name of the Vulnerable Software and Affected Versions: s::can moni::tools versions prior to 4.2 Description: The issue allows an unauthenticated attacker to access any file from the device through path traversal in the image-relocator module. Recommendations: For versions prior to 4.2, consider...
Cross site scripting
SAP BusinessObjects Business Intelligence Platform Fiori BI Launchpad, before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability...
DEBIAN-CVE-2019-17542
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c...
PT-2005-3678 · Openssh +2 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 4.2 Description: The issue allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods when GSSAPIDelegateCredentials is enabled. This could cause those credentials to be exposed to...