21 matches found
CVE-2026-44589
Nuxt-og-image (nuxt-og-image) contains an SSRF issue tracked as CVE-2026-44589. The isBlockedUrl validator in [email protected] is incomplete: IPv6 prefix handling is limited (only ::1, fc, fd, fe80) and there is no redirect re-validation, enabling bypass paths such as IPv6-mapped addresses and...
CVE-2026-44589 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)
Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...
CVE-2026-3311
The CVE-2026-3311 family concerns The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (WordPress) up to version 6.4.9. All connected sources describe a Stored Cross-Site Scripting vulnerability via the Progress Bar shortcode caused by insufficient...
CVE-2026-3311 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Progress Bar vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in...
EUVD-2026-15888
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...
CVE-2026-32524
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...
PT-2026-28038
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...
CVE-2025-66134
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through = 6.5.1...
CVE-2025-11510
CVE-2025-11510 : FileBird for WordPress pre-6.4.9 is vulnerable to unauthorized modification of data due to a missing capability check on /filebird/v1/fb-wipe-clear-all-data. This allows authenticated attackers with author-level access and above to reset the plugin’s configuration data. Connected...
CVE-2024-23664
A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...
Siemens SiPass Integrated 输入验证错误漏洞
Siemens SiPass Integrated is a powerful and extremely flexible access control system from Siemens Germany. An input validation error vulnerability exists in the Siemens SiPass Integrated AC5102 ACC-G2 and ACC-AP V6.4.9 and earlier versions, which stems from not properly clearing user inputs on th...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
PT-2025-2585 · Fortinet · Fortivoice
Name of the Vulnerable Software and Affected Versions: Fortinet FortiVoice versions 7.0.0 through 7.0.4 Fortinet FortiVoice versions prior to 6.4.9 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing an authenticated privileged...
CVE-2024-23664
A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...
CVE-2023-22812
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...
SUSE CVE-2022-24758
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
CVE-2022-1649
creationtimestamp| type| source ---|---|--- 2022-05-10 20:32:48+00:00| seen| https://t.me/cibsecurity/42267...
Jupyter Notebook 日志信息泄露漏洞
Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A log information disclosure vulnerability exists in Jupyter Notebook versions prior to 6.4.9, which stems from an unauthorized participant being able to access sensitive...
Serve Path Traversal Vulnerability
serve is a static file server that is primarily used for deploying native single-page applications or static files. A path traversal vulnerability exists in serve versions prior to 6.4.9, where the program fails to adequately filter %2e . and %2f / characters in the url. and %2f / characters in t...