6 matches found
WWW::Mechanize::Cached Code Issue Vulnerability
WWW::Mechanize::Cached is an open-source module developed by libwww-perl for the Perl language, serving as an extension to WWW::Mechanize. Versions of WWW::Mechanize::Cached prior to version 2.00 contained code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize HTTP...
CVE-2026-27116
Vikunja has a reflected HTML injection in the Projects module prior to version 2.0.0: the URL parameter filter is rendered into the DOM without output encoding when clicking “Filter.” Scripts/iframes are blocked, but SVG, links, and formatting tags may render, enabling SVG-based phishing buttons,...
PT-2024-35916 · Unknown · Futurio Extra
Name of the Vulnerable Software and Affected Versions: Futurio Extra versions prior to 2.0.14. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into...
PT-2020-12032 · Dronecode · Mavlink
Name of the Vulnerable Software and Affected Versions: MAVLink versions prior to 2.0. Description: The issue concerns the negotiation of the MAVLink protocol version between the Ground Control Station (GCS) and the autopilot. An attacker can manipulate the negotiation process to force the autopilot ...
Cisco DNA Spaces: Connector SQL Injection Vulnerability
Cisco DNA Spaces is an indoor location services platform from Cisco. Cisco DNA Spaces: Connector is one of the connectors used to support the communication of Cisco wireless controllers. A SQL injection vulnerability exists in the Web UI in versions prior to Cisco DNA Spaces: Connector 2.0 th...
Wireshark S7COMM Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM parser in Wireshark 2.0.x prior to 2.0.1 fails to validate the list count in the SZL response, allowing remote attackers to divide by zero...