CVE-2022-45404

creationtimestamp| type| source ---|---|--- 2025-08-18 18:30:59+00:00| seen| MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7...

CVE-2021-47650

creationtimestamp| type| source ---|---|--- 2025-08-16 01:45:14+00:00| seen| MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0 2025-08-19 04:06:35+00:00| seen| MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0...

CVE-2025-2213

creationtimestamp| type| source ---|---|--- 2025-08-13 13:26:34+00:00| seen| MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868...

CVE-2025-27788

creationtimestamp| type| source ---|---|--- 2025-08-13 13:26:34+00:00| seen| MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868...

CVE-2024-10252

creationtimestamp| type| source ---|---|--- 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...

CVE-2025-29072

creationtimestamp| type| source ---|---|--- 2025-08-10 18:27:44+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10 07:47:58+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c...

MeterSphere SQL注入漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A SQL injection vulnerability exists in MeterSphere versions prior to 3.6.5-lts, which stems from insufficient validation of the sortField parameter and could lead to SQL injection...

CVE-2025-02261

creationtimestamp| type| source ---|---|--- 2025-07-10 15:12:05+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3ltmmisgqrs2j...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions 1.1.0 through 1.1.2 of dify, which stems from an uncleaned code node input that could lead to the execution of arbitrary code...

CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...

DNN.PLATFORM 安全漏洞

DNN.PLATFORM is an open source web content management platform CMS from DNN Open Source. A security vulnerability exists in DNN.PLATFORM versions prior to 10.0.1, which stems from a specially crafted request bypassing an IP filter design that could lead to unauthorized logins...

CVE-2025-49149 Dify has XSS vulnerability

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...

CVE-2025-49149 Dify has XSS vulnerability

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...

dify 跨站脚本漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify version 1.2.0, which stems from insufficient user input filtering and could lead to cross-site scripting attacks...

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVE-2024-52593

Misskey is an open source, federated social media platform.In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

CVE-2024-52590

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

CVE-2023-38706

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...

CVE-2023-38494

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...

CVE-2022-41944

Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it...