EUVD-2026-33701
An issue in ESA AnomalyMatch before 1.3.1 allows attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...
MCP Go SDK security vulnerability
MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of the MCP Go SDK prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-insensitive JSON key matching during the parsing of JSON-RPC and MCP protocol messages,...
CVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
PT-2025-35317
Name of the Vulnerable Software and Affected Versions: Basecamp's google sign in gem versions prior to 1.3.1 Description: The gem persists a URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly passes the "same origin" check, potentially redirecti...
New-Ringer-Server security vulnerability
New-Ringer-Server is the server code for a Ringer messaging application open-sourced by Lif Platforms. A security vulnerability exists in versions of New-Ringer-Server prior to 1.3.1 that stems from loading a message route without checking that the user loading the session is actually a member of...
PT-2024-38950 · Openrapid · Openrapid Rapidcms
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions prior to 1.3.1 Description: A critical issue has been found in OpenRapid RapidCMS. The problem lies in an unknown function of the file /resource/runlogon.php. Manipulation of the username argument leads to SQL...
PT-2023-28081 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-6 Description: The issue is related to a Path Traversal vulnerability in the cgi component, allowing remote attackers to read specific files via unspecified vectors. Recommendations: Fo...
SUSE CVE-2014-9092
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service crash via a crafted JPEG file, related to the Exif marker...
PT-2023-13734 · WordPress · Authenticator
Name of the Vulnerable Software and Affected Versions: Authenticator WordPress plugin versions prior to 1.3.1 Description: The issue arises from the plugin's failure to restrict subscribers from updating a site's feed access token. This could potentially deny other users access to certain...
WordPress and WordPress plugin resource management error vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builder plugin prior to 1.3.1,...
UBUNTU-CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...