44 matches found
EUVD-2026-38605
Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...
PT-2026-51587
Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description In the plugins/modules/nexmo.py module, the api key and api secret variables are marked as no log=True to prevent them from being logged. However, these credentials are URL-encoded and includ...
BIT-DISCOURSE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user with access to the AI...
EUVD-2026-34252
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2026-10806 mjperpinosa stumasy add_post.php unrestricted upload
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...
stumasy 代码问题漏洞
Stumasy is a student performance management and analysis system developed by Marejean Chernyak. Stumasy has code vulnerabilities; these vulnerabilities arise from an unknown function in the application/PHP/objects/updates/addpost.php file, which allows unlimited uploads due to improper handling o...
Astra Linux – Vulnerability in curl
There is an information disclosure vulnerability in curl v8.1.0 when performing HTTPS transfers. libcurl may incorrectly use the read callback CURLOPTREADFUNCTION to request data to be sent, even when the CURLOPTPOSTFIELDS option is set. This occurs if the same handle was previously used to issue...
JLSEC-2026-410
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...
JLSEC-2026-396
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
CVE-2025-23878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Reilly Post-to-Post Links easy-post-to-post-links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through = 4.2...
Siemens Ruggedcom ROX Missing Encryption of Sensitive Data (CVE-2023-28322)
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...
CVE-2025-65229
creationtimestamp| type| source ---|---|--- 2025-12-08 23:19:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7j662xtup2s...
Siemens SIMATIC S7-1500 Expected Behavior Violation (CVE-2022-32221)
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
EUVD-2025-3499
Malicious code in bioql PyPI...
EUVD-2024-52548
Malicious code in bioql PyPI...
WordPress plugin PDF 2 Post 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
CVE-2024-54428
Cross-Site Request Forgery CSRF vulnerability in onigetoc Add image to Post add-image-to-post allows Stored XSS.This issue affects Add image to Post: from n/a through = 0.6...
WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tri Doan in WordPress Plugin Link to URL / Post versions = 1.3...
CVE-2025-23878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Reilly Post-to-Post Links easy-post-to-post-links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through = 4.2...
WordPress Post-to-Post Links plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Pham Van Tam in WordPress Plugin Post-to-Post Links versions = 4.2...