ai.stainless:grails-tika (=0.1.0), app.dassana:rule-engine (>=1.6.8 <=1.10.1) +1303 more potentially affected by CVE-2026-44242 via io.micronaut:micronaut-inject (>=1.0.0 <=4.10.21)

io.micronaut:micronaut-inject MAVEN version =1.0.0, =1.6.8, =1.4.0, =1.1.0, =0.3.8, =0.8.0, =0.9.1, =1.4.0, =2.0.8-micronaut-1.0, =1.3.7.6, =1.3.7.6, =1.7.3-micronaut-1.0, =1.6.2-micronaut-1.0, =2.0.0-micronaut-1.0, =2.2.2-micronaut-3.0 and more Source cves: CVE-2026-44242 Source advisory:...

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

OpenRemote 安全漏洞

OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.0 contained security vulnerabilities. These vulnerabilities were caused by two related expression injections in the rule engine, which could allow arbitrary code to execute on the server...

CVE-2026-24736

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

📄 NanoMQ 0.24.6 Remote Buffer Overflow

A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default credentials admin:public may be common, lowering the...

CVE-2025-34265

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings o...

EUVD-2021-29709

Malicious code in bioql PyPI...

Hashcat Advanced Password Recovery 7.1.2 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

Hashcat Advanced Password Recovery 7.1.1 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

Hashcat Advanced Password Recovery 7.0.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

CVE-2021-42751

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

CVE-2021-42751

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

CVE-2021-42750

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

CVE-2021-42750

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

Cross site scripting

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

Cross site scripting

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

CVE-2021-42751

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

CVE-2021-42751

CVE-2021-42751 describes a cross-site scripting (XSS) flaw in ThingsBoard 3.3.1, where an attacker with administrative access can inject arbitrary JavaScript into the description of a rule node. The payload can execute in the editor when hovering over the node, as demonstrated by PoCs in Exploit-...

CVE-2021-42750

CVE-2021-42750 is a stored XSS vulnerability in the ThingsBoard 3.3.1 Rule Engine that allows remote attackers with administrative access to inject JavaScript into the title of a rule node, which is executed in the editor when hovered. Multiple sources confirm the issue in ThingsBoard 3.3.1 and d...