8 matches found
CVE-2026-42576
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...
CVE-2024-3760
In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only...
CVE-2024-27294
CVE-2024-27294 concerns the Go/Puppet toolchain issue for the dp-golang module. Affected: dp-golang prior to 1.2.7, used with Puppet running as root on macOS (Go versions 1.4.3–1.21rc3; specific bootstrap tarballs). Root cause: files within the Go installation could be created with incorrect owne...
CVE-2020-18129
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php...
Cross-site request forgery (CSRF)
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php...
CVE-2020-18129
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php...
Cross-site request forgery (CSRF)
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
新云 CMS (yxcms) site-building system V1.2.7 shownews.asp SQL injection vulnerability
No description provided by source...