35 matches found

ATTACKERKB
added 2026/05/01 12:0 a.m. · 2 views

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

CVSS 6.5 · AI score 5.8 · EPSS 0.00201
Exploits: 0 · References: 4
Cvelist
added 2026/03/03 5:26 p.m. · 33 views

CVE-2025-15599 DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like in attribute...

CVSS 6.1 · EPSS 0.00245
Exploits: 0 · References: 3
CVE
added 2026/03/03 5:26 p.m. · 286 views

CVE-2025-15599

CVE-2025-15599 affects DOMPurify before and after versions 2.x and 3.x due to a missing textarea rawtext validation in SAFE_FOR_XML that allows bypassing attribute sanitization and executing JavaScript when sanitized output is placed inside rawtext elements. Affected ranges: 3.1.3–3.2.6 and 2.5.3...

CVSS 6.1 · AI score 5.8 · EPSS 0.00245
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2026/01/20 12:0 a.m. · 7 views

MineAdmin Access Control Vulnerability

MineAdmin is an open-source permission management system developed by MineAdmin. Versions 1.x and 2.x of MineAdmin contain access control vulnerabilities. These vulnerabilities stem from incorrect operations with parameter IDs in files/systems/downloadById, which may lead to information leaks...

CVSS 3.1 · AI score 5.8 · EPSS 0.00332
Exploits: 1 · References: 4
EUVD
added 2025/12/31 12:31 a.m. · 2 views

EUVD-2022-55939

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...

CVSS 7.2 · AI score 6 · EPSS 0.00393
Exploits: 2 · References: 6
Cvelist
added 2025/12/30 10:41 p.m. · 25 views

CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...

CVSS 7.5 · EPSS 0.00726
Exploits: 2 · References: 5
Positive Technologies
added 2025/12/30 12:0 a.m. · 5 views

PT-2025-54238

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below. Description: A vulnerability exists that allows remote attackers to access live radio stream information without authentication. Attackers can exploit this by calling specific web scripts to...

CVSS 9.8 · AI score 6.4 · EPSS 0.00726
Exploits: 2 · References: 8
CNNVD
added 2025/08/11 12:0 a.m. · 3 views

Openfiler Security Vulnerability

Openfiler provides an easy way to deploy and manage network storage. A security vulnerability exists in Openfiler version 2.x, which stems from the device parameter being passed directly to the exec function without validation, which could lead to remote code execution and elevation of privile...

CVSS 9.4 · AI score 7.8 · EPSS 0.02476
Exploits: 0 · References: 7
CNNVD
added 2024/01/12 12:0 a.m. · 2 views

Ivanti ICS Authorization Issues Vulnerability

Ivanti ICS is a generation of remote secure access products from Ivanti Corporation. An authorization issue vulnerability exists in Ivanti ICS version 9.x, version 22.x, and Ivanti Policy Secure, which stems from an authentication bypass vulnerability in a web component. An attacker could use thi...

CVSS 9.1 · AI score 7 · EPSS 0.99999
Exploits: 23 · References: 3
CNNVD
added 2023/11/06 12:0 a.m. · 4 views

Redisgraph Security Vulnerabilities

Redisgraph is a graph model-based database from the Redisgraph community. A security vulnerability exists in RedisGraph versions v.2.x through v.2.12.8. An attacker could exploit the vulnerability to execute arbitrary code via code logic after valid authentication...

CVSS 8.8 · AI score 7.6 · EPSS 0.01043
Exploits: 1 · References: 3
SUSE CVE
added 2023/10/11 1:47 a.m. · 1 views

SUSE CVE-2023-43615

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow...

CVSS 7.5 · AI score 7 · EPSS 0.00783
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/05 12:0 a.m. · 3 views

PT-2023-5882 · Mbed Tls +3

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.x before 2.28.5; Mbed TLS versions 3.x before 3.5.0. Description: The issue is related to errors in handling encryption in DTLS connections, specifically when using zero encryption or RC4 cipher. This can allow a remote...

CVSS 10 · AI score 6.7 · EPSS 0.02569
Exploits: 6 · References: 71
CNNVD
added 2023/04/28 12:0 a.m. · 3 views

Illumina Universal Copy Service Security Vulnerability

Illumina Universal Copy Service is a universal copy service from Illumina, Inc. A security vulnerability exists in Illumina Universal Copy Service version 2.x. An unauthenticated attacker could use UCS to listen to all IP addresses, including those capable of remote communication. An...

CVSS 10 · AI score 8.3 · EPSS 0.01812
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:48 a.m. · 4 views

SUSE CVE-2012-0768

The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service memory...

CVSS 10 · AI score 7.8 · EPSS 0.06448
Exploits: 1 · References: 6
SUSE CVE
added 2023/02/15 4:47 a.m. · 2 views

SUSE CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

CVSS 5.3 · AI score 7 · EPSS 0.01046
Exploits: 0 · References: 3
CNNVD
added 2022/12/27 12:0 a.m. · 2 views

Markdown-It Security Vulnerability

Markdown-It is a Markdown parser. A security vulnerability exists in versions of Markdown-It before 2.x. An attacker exploited the vulnerability to cause an increase in the complexity of regular expressions...

CVSS 7.5 · AI score 5.6 · EPSS 0.00946
Exploits: 0 · References: 5
ATTACKERKB
added 2022/08/03 2:0 p.m. · 2 views

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.5 · AI score 5.8 · EPSS 0.00586
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2022/03/18 12:0 a.m. · 5 views

Glewlwyd SSO server Security Vulnerability

Glewlwyd SSO server is a single sign-on (SSO) server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...

CVSS 9.8 · AI score 8.6 · EPSS 0.01496
Exploits: 0 · References: 3
CNNVD
added 2021/01/11 12:0 a.m. · 4 views

Espressif ESP-IDF Buffer Error Vulnerability

Espressif ESP-IDF is an IoT development framework from China's Lexin Information Technology (Espressif). A buffer error vulnerability exists in Espressif ESP-IDF, which can be exploited by attackers to crash an application. The following products and versions are affected: Espressif ESP-IDF 2.x,...

CVSS 7.5 · AI score 7.2 · EPSS 0.01382
Exploits: 0 · References: 3
CNVD
added 2020/06/19 12:0 a.m. · 3 views

CISOfy Lynis Information Disclosure Vulnerability

CISOfy Lynis is a system security auditing tool from CISOfy Netherlands that supports multiple platforms. A security vulnerability exists in CISOfy Lynis versions 2.x through 2.7.5. The vulnerability can be exploited by an attacker to obtain a license key by observing a list of processes...

CVSS 3.3 · AI score 6.8 · EPSS 0.00365
Exploits: 0 · References: 1