14 matches found
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. Versions of Next.js from 12.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise when using the Pages Router and when configuring i18n and middleware or proxy authorization. In these cases...
CVE-2026-32562
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPWP: from n/a through = 1.9.15...
CVE-2026-32562
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPWP: from n/a through = 1.9.15...
Mars: Bug Report #23JAN136 (subdomain takeover via Shopify)
A subdomain takeover vulnerability was identified on the domain █████████, where the subdomain pointed to an unclaimed Shopify instance. The vulnerability was successfully exploited by the researcher, who created a Shopify account, added the custom domain █████████, and demonstrated control over...
NETGEAR R6700v3 Information Disclosure Vulnerability
NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual Band Gigabit Router from Netgear USA. The NETGEAR R6700v3 suffers from an information disclosure vulnerability that stems from a specific flaw in the httpd service, where string matching logic is incorrect when accessing a protected page. An...
CVE-2020-26121
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload...
PT-2020-16300 · Wikimedia +1 · Fileimporter Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.4; FileImporter extension for MediaWiki versions prior to 1.34.4. Description: An issue in the FileImporter extension allows an attacker to import a file into a protected page, bypassing "page creation"...
Serviio PRO DLNA Media Streaming Server - REST API Arbitrary Password Change Vulnerability
Serviio PRO is a DLNA media server. An arbitrary password change vulnerability exists in the Serviio PRO DLNA Media Streaming Server - REST API. A remote attacker can exploit this to change the login password of a protected page via a specially crafted request...
Information disclosure on non protected page
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-43406. In Confluence, a user can navigate to the page "/notfound", and receive a standard "Page Not Found". This page...
phpPass 2 AccessControl.PHP SQL Injection Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/6594/info A problem with phpPass may allow an attacker to launch a SQL injection attack. The vulnerability exists in the accesscontrol.php script included with phpPass. Due to insufficient sanitization of user-supplied...
CVE-2014-1613
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Default credentials
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
CVE-2014-1613
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Directory traversal
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence...