CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

FreeRTOS-Plus-TCP 数字错误漏洞

FreeRTOS-Plus-TCP is an extensible, open-source TCP/IP stack designed for use with FreeRTOS. Versions prior to 4.4.1 and 4.2.6 of FreeRTOS-Plus-TCP contained a numerical error vulnerability. This vulnerability stemmed from integer overflows in the ICMP and ICMPv6 echo reply handlers, which could...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000548)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000548 advisory. The tmreclaimthread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists befor...

Linux Distros Unpatched Vulnerability : CVE-2016-2548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of...

BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-60477)

BaserCMS is an open source enterprise-level content management system cms. A cross-site scripting vulnerability exists in versions of baserCMS prior to 4.4.1. An attacker can exploit this vulnerability by entering a specially crafted nickname in a blog comment to execute arbitrary JavaScript...

DEBIAN-CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2019-29164)

Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...

Nagios Core null pointer dereference vulnerability (CNVD-2018-17097)

Nagios Core is an open source system and network monitoring application. A null pointer dereference vulnerability exists in qhhelp in Nagios Core 4.4.1 and earlier. An attacker can exploit this vulnerability by sending a specially crafted payload to a listening UNIX socket to cause a denial of...

PT-2017-18980 · Microsoft +1 · Windows +2

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye and Crucible versions prior to 4.4.1 Description: The issue allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating...

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View

CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...

Opsview pre 4.4.1 - Blind SQL Injection

CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...

Ops View Pre 4.4.1 Cross Site Scripting

CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...