4 matches found
CVE-2026-32629
Summary: CVE-2026-32629 affects phpMyFAQ prior to 4.1.1, where an unauthenticated attacker can submit a guest FAQ with a syntactically valid but HTML-containing email address. PHP’s FILTER_VALIDATE_EMAIL accepts the quoted-local-part email, stores it without HTML sanitization, and later renders i...
PT-2024-29299 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.1.0 Description: The issue allows a local attacker to upgrade common permissions to root and leak sensitive information through a use-after-free vulnerability. This could potentially lead to system compromise...
PT-2021-24242 · Unknown · Cve-Search
Name of the Vulnerable Software and Affected Versions: cve-search versions prior to 4.1.0 Description: The issue in cve-search allows regular expression injection, which can lead to ReDoS regular expression denial of service or other impacts. This occurs in the lib/DatabaseLayer.py file...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2019-21429)
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion CMS versions prior to 4.1.4, which stems from a lack of proper...