12 matches found
CVE-2026-39595
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-45413
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-27384
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through = 2.9.1...
Exploit for CVE-2025-2304
CVE-2025-2304-Camaleon-C...
CVE-2026-25057
CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...
MarkUs 安全漏洞
MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 contained a security vulnerability due to insufficient file path checking, which could allow arbitrary file writing...
CVE-2019-19664
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html...
laravel-filemanager 代码注入漏洞
laravel-filemanager is an open source tool from UniSharp. A security vulnerability exists in laravel-filemanager versions prior to 2.9.1 that stems from vulnerability to remote code execution attacks and allows attackers to execute malicious code...
PYSEC-2024-264
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.Users are recommended to upgrade to version 2.9.1, which fixes this issue...
PT-2023-15896 · Kaltura · Kaltura Mwembed
Name of the Vulnerable Software and Affected Versions: kaltura mwEmbed versions up to 2.91 Description: A problem was found in the Share Plugin component, specifically in the file modules/KalturaSupport/components/share/share.js. The issue allows for cross site scripting through the manipulation ...
PT-2021-23681 · Babel +8 · Babel +8
Name of the Vulnerable Software and Affected Versions: Babel versions prior to 2.9.1 Description: The issue is related to errors in input validation when handling directory traversal sequences in locale .dat files within Babel.Locale. This can allow an attacker to load arbitrary locale .dat files...