tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of multiple POST parameters in the dbloader.php file,...

CtrlPanel.gg 操作系统命令注入漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Web installer performing the install.lock check...

WordPress plugin IP2Location Country Blocker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Notepad Next 代码注入漏洞

Notepad Next is a notepad software developed by dail8859. Versions of Notepad Next prior to 0.14 contained a code injection vulnerability. This vulnerability stemmed from the detectLanguageFromExtension function, which directly inserted file extensions into Lua scripts without proper cleanup. Thi...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. This...

Koha Library Management System 安全漏洞

Koha Library Management System is an open-source library automation system developed by Koha. Versions of the Koha Library Management System prior to 23.05.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cleaning user-controllable file names before...

defu 安全漏洞

Defu is a lightweight tool library developed by UnJS for recursively merging default values. Versions of Defu prior to 6.1.5 contained security vulnerabilities; these vulnerabilities stemmed from the practice of passing uncleaned user input into the Defu functions, which could lead to prototype...

Foreman 安全漏洞

Foreman is a set of open-source tools developed by Foreman for lifecycle management in both physical and virtual servers. This tool provides functions such as service activation, configuration management, and reporting status. There is a security vulnerability in Foreman, which stems from command...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost, which stems from the failure to clean up post content controlled by users. This vulnerability could allow attackers to manipulate administrator...

Halloy 路径遍历漏洞

Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.6.0 to 5.9.11 contained security vulnerabilities. These vulnerabilities stemmed from the $settings array returned by the parsestr method in src/controllers/EntryTypesController.php, which...

WordPress plugin Simple Ajax Chat 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

OpenChatBI 路径遍历漏洞

OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from insufficient cleaning of the fileformat parameter input in t...

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to version 21 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup of Markdown links in video comments, which could lead to...

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.14.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the direct rendering of form labels and integrated metadata that were not properly cleaned, potential...

Foxit PDF Editor Cloud 安全漏洞

Foxit PDF Editor Cloud is a browser-based online PDF editing platform provided by the American company Foxit. Versions of Foxit PDF Editor Cloud prior to February 3, 2026, contained security vulnerabilities. These vulnerabilities stemmed from the inability to clean user input that was embedded in...

CVE-2026-22849

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

Signal K Server 代码注入漏洞

Signal K Server is a ship centralized server for Signal K open source. A code injection vulnerability exists in Signal K Server versions prior to 2.19.0, which stems from the appstore interface passing version parameters directly to npm without cleaning them up, which could lead to arbitrary code...

Blood Bank Management System 安全漏洞

Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from the updateprofile.php and rprofile.php components not cleaning up user input, which could lead to...

Institute-of-Current-Students 安全漏洞

Institute-of-Current-Students is a school management website by the individual developer Vishal Mathur. Institute-of-Current-Students v1.0 has a security vulnerability that stems from insufficient cleanup of the parameter myds in the mydetailsstudent.php endpoint, which could lead to an SQL...