blueprintUE self-hosted edition Security Vulnerability
The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the password change form located at...
CVE-2026-24673 Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction
The Open eClass platform, formerly known as GUnet eClass, is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the...
sigstore-python Cross-Site Request Forgery Vulnerability
sigstore-python is an open-source tool developed by sigstore for generating and verifying Sigstore signatures in Python. Versions of sigstore-python prior to 4.2.0 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the OAuth authentication process's...
CVE-2025-40807
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
CVE-2025-34281
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
CVE-2022-43761
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
PT-2018-2954
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.2.5 Description: The issue is related to the lxml.html.clean module in the lxml library, which fails to remove javascript: URLs that use escaping. This allows a remote attacker to conduct cross-site scripting (XSS) attack...
UBUNTU-CVE-2017-6458
Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...
Fortinet FortiADC D models Cross-Site Scripting Vulnerability
Fortinet FortiADC is an application delivery product from Fortinet that provides high availability, user experience, performance and scalability for mobile users, cloud and enterprise application access. A cross-site scripting vulnerability exists in Fortinet FortiADC D models prior to version 4....
Vulnerability in NetApp OnCommand Balance
NetApp OnCommand Balance is a NetApp solution that provides guidance on how to optimize the performance and capacity of virtual and physical data center infrastructures. A security vulnerability exists in NetApp OnCommand Balance versions prior to 4.2P3. An attacker could exploit the vulnerabilit...
PT-2014-2326 · Plone
Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone versions 4.3 before beta 1 Description: The issue allows remote attackers to cause a denial of service, specifically memory consumption, via a large value. This is related to the formatColumns function...