12 matches found

vulnersOsv
added 2026/05/18 9:00 p.m. · 5 views

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +9 more potentially affected by unknown CVE via @antv/g-plugin-html-renderer (>=2.0.0 <=2.3.1)

@antv/g-plugin-html-renderer NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINHTMLRENDERER-16755116...

AI score: 5.5
Exploits: 0
CNNVD
added 2026/02/27 12:00 a.m. · 4 views

Seerr security vulnerability

Seerr Team has developed Seerr, a media request and discovery manager. Versions of Seerr from 2.0.0 to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authentication protection logic, allowing unauthenticated attackers to register new accounts and obtai...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.00506
Exploits: 1 · References: 4
CVE
added 2025/12/12 6:33 p.m. · 16 views

CVE-2025-8082

Vuetify CVE-2025-8082 affects the VDatePicker component where the title-date-format property can output user-generated content which is assigned to innerHTML without sanitization, enabling Cross-Site Scripting. Affected versions are Vuetify 2.0.0 and above up to, but not including, 3.0.0. The iss...

CVSS: 6.3 · AI score: 5.3 · EPSS: 0.00163
Exploits: 0 · References: 2
Positive Technologies
added 2025/12/12 12:00 a.m. · 2 views

PT-2025-50965

Name of the Vulnerable Software and Affected Versions: Vuetify versions 2.0.0 through 2.9.9 Description: A flaw exists in the 'VDatePicker' component of Vuetify that allows unsanitized HTML to be inserted into a webpage. This is due to the improper handling of the 'title-date-format' property, whic...

CVSS: 6.3 · AI score: 5.5 · EPSS: 0.00163
Exploits: 0 · References: 5
RedhatCVE
added 2025/03/01 12:19 a.m. · 9 views

CVE-2024-55160

GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.00501
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/27 12:00 a.m. · 7 views

CVE-2024-55160

GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list...

AI score: 9.9 · EPSS: 0.00501
Exploits: 1 · References: 5
Positive Technologies
added 2025/02/21 12:00 a.m. · 2 views

PT-2025-7444 · Gfast · Gfast

Name of the Vulnerable Software and Affected Versions: GFast versions 2 through 3.2 Description: A SQL injection issue was discovered via the SortName parameter at the "/system/loginLog/list" API endpoint. This allows for potential exploitation. Recommendations: For versions 2 through 3.2, as a...

CVSS: 4.2 · AI score: 7.6 · EPSS: 0.0017
Exploits: 0 · References: 5
CNNVD
added 2025/02/19 12:00 a.m. · 2 views

WordPress plugin WP Media Category Management cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS: 6.5 · AI score: 8.7 · EPSS: 0.00258
Exploits: 0 · References: 6
CNNVD
added 2024/04/01 12:00 a.m. · 4 views

NUUO NVRmini path traversal vulnerability

NUUO NVRmini is a standalone Linux-based IP camera surveillance solution from NUUO. A path traversal vulnerability exists in NUUO NVRmini versions 2.x through 3.0.8, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversal...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00794
Exploits: 0 · References: 4
ATTACKERKB
added 2022/02/17 12:00 a.m. · 4 views

CVE-2022-23155

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system...

CVSS: 9 · AI score: 7.5 · EPSS: 0.01275
Exploits: 0 · References: 2
vulnersOsv
added 2021/05/10 6:43 p.m. · 2 views

@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.0) +9 more potentially affected by CVE-2020-27664 via strapi (>=2.0.2 <=3.1.6)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2020-27664 Source advisory: OSV:GHSA-7FRV-9PHW-VRVR...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.02264
Exploits: 0
Positive Technologies
added 2015/08/23 12:00 a.m. · 5 views

PT-2015-5967 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle

Name of the Vulnerable Software and Affected Versions: Mobile Devices aka MDI C4 OBD-II dongles versions 2.x through 3.4.x Description: The issue allows remote attackers to gain access by leveraging knowledge of a private key from another installation, as the SSH private keys stored are the same...

CVSS: 9 · AI score: 6.8 · EPSS: 0.02563
Exploits: 0 · References: 3