16 matches found
EUVD-2026-31995
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
GRASSMARLIN Code Issue Vulnerability
GRASSMARLIN is an open-source network security posture awareness tool for industrial control systems developed by the NSA Cybersecurity Directorate. GRASSMARLIN v3.2.1 contains a code vulnerability. This vulnerability stems from insufficient hardening of the XML parsing process, which may...
CVE-2026-26201
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...
CVE-2025-12707 Library Management System <= 3.2.1 - Unauthenticated SQL Injection
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2025-67940 WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion. This issue affects Powerlift: from n/a through 3.2.1...
CVE-2025-62983
CVE-2025-62983 is a stored XSS in the WordPress plugin Posts By Tag (versions ≤ 3.2.1). The issue arises from improper neutralization of input during web page generation, enabling injection of malicious scripts that could be persisted and reflected to users. The vulnerability is labeled as MEDIUM...
EUVD-2025-26959
Malicious code in bioql PyPI...
CVE-2025-10342 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-57932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS. This issue affects PowerFolio: from n/a through <= 3.2.1...
CVE-2024-9147
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...
CVE-2023-21769 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 has a security vulnerability; the vulnerability stems from the Entities Group...
PT-2022-26784 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1. Description: A stored cross-site scripting (XSS) issue in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted paylo...
PYSEC-2022-269
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib...
PT-2021-24086 · Django +4 · Django +4
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.25; Django versions 3.1 before 3.1.14; Django versions 3.2 before 3.2.10. Description: HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low...
kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets...