16 matches found
CVE-2026-31839 Striae has a hash validation utility vulnerability
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...
CVE-2025-9229
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...
CVE-2025-9225
CVE-2025-9225 affects MiR software prior to 3.0.0 in MiR Robots and MiR Fleet. The issue is a stored cross-site scripting (XSS) in the web interface, enabling execution of arbitrary JavaScript in a victim’s browser. Root cause details are not elaborated beyond the XSS attribution in multiple sour...
CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-8749
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...
PT-2024-1507 · WordPress · Web3
Name of the Vulnerable Software and Affected Versions: Web3 WordPress plugin versions prior to 3.0.0 Description: The issue is related to an authentication bypass due to incorrect authentication checking in the login flow. This is caused by vulnerabilities in the handle auth request and handle...
CVE-2023-3375
Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0...
Bookreen Code Issues Vulnerabilities
Bookreen is workspace scheduling software from Bookreen Turkey. It makes every location bookable via IoT devices to maximize efficiency and satisfaction. A code issue vulnerability exists in Bookreen versions prior to 3.0.0, which stems from the presence of an unrestricted upload...
PT-2023-4667 · Freerdp · Freerdp
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to a Use-After-Free in processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0, context->planesBuffer will be freed, but without updating...
Mbed TLS Cryptographic Issue Vulnerability
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library. A security vulnerability exists in Mbed TLS versions prior to 3.0.0, which stems from the use of a dangerous cryptographic algorithm in the mbedtls_mpi_exp_mod function of bignum.c. The vulnerability is caused by t...
PT-2022-17909 · Intel · Intel Sdp Tool
Name of the Vulnerable Software and Affected Versions: Intel(R) SDP Tool versions prior to 3.0.0 Description: The issue is related to improper authentication, which may allow an unauthenticated user to potentially enable information disclosure via network access. Recommendations: For versions prior...
PT-2022-11368 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 3.0.0-beta6 Description: The issue affects Combodo iTop, a web-based IT Service Management tool. In the affected versions, the export CSV page does not properly escape user-supplied parameters, allowing for...
AZL-44922 CVE-2021-3476 affecting package OpenEXR 2.3.0-6
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability...
PT-2021-9741 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 and 3.0.0 Description: The issue affects Combodo iTop, a web-based IT Service Management tool. By modifying the target browser's local storage, an XSS can be generated in the iTop console breadcrumb...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35331)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.0.0. An attacker could exploit the vulnerability to view account details...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...