20 matches found
Dify v1.9.1 - Broken Access Control
Dify v1.9.1 contains an insecure permissions vulnerability caused by a lack of authorization checks in the /console/api/system-features endpoint, letting unauthenticated attackers access sensitive system configuration data. id: CVE-2025-63387 info: name: Dify v1.9.1 - Broken Access Control author:...
Fedora 45 : containernetworking-plugins (2026-38d944f97d)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-38d944f97d advisory. Automatic update for containernetworking-plugins-1.9.1-1.fc45. Changelog Mon Mar 16 2026 Bradley G Smith - 1.9.1-1 - Update to release v1.9.1 -...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) in the /setting/ page, where the "intro" field is not properly sanitized or escaped...
GHSA-PHHQ-63JG-FP7R Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points
Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...
CVE-2024-25450
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts...
CVE-2024-25447
CVE-2024-25447 affects imlib2 v1.9.1, where the function imlib_load_image_with_error_return can be exploited to cause a heap-based buffer overflow by parsing a crafted image. The issue is consistently described across multiple sources as a vulnerability in imlib2 with potential high impact (confi...
CVE-2024-25447
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...
CVE-2024-25450
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts...
CVE-2024-25450
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts...
CVE-2024-25450
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts...
CVE-2024-25450
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts...
CVE-2024-25448
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
PT-2022-28159 · Guzzle +3 · Guzzlehttp/Psr7 +3
Name of the Vulnerable Software and Affected Versions: guzzlehttp/psr7 versions prior to 1.9.1; guzzlehttp/psr7 versions prior to 2.4.5. Description: The issue concerns improper header parsing, allowing an attacker to sneak a newline into both the header names and values. Many servers will also...
Ubiquiti Inc.: Web Server Predictable Session ID on EdgeSwitch
In EdgeSwitch legacy web interface the SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for the...
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Cross-Site Scripting XSS; product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP; vulnerable version: Firmware v1.9.1; fixed version: Firmware v1.9.1.1; CVE number: ; impact: Medium...
File Hub 1.9.1 iOS - Multiple Vulnerabilities
No description provided by source. Document Title: File Hub v1.9.1 iOS - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1195. Release Date: 2014-02-15. Vulnerability Laboratory ID (VL-ID):...
Feetan Inc WireShare 1.9.1 iOS - Persistent
Document Title: Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1157. Release Date: 2013-12-05. Vulnerability Laboratory ID (VL-ID):...
Stadtaus Voting v1.9.1 Remote File Include Vulnerability
Exploit for php platform in category web applications. Stadtaus Voting v1.9.1 Remote File Include Vulnerability. Dr4cula.Us Stadtaus Voting v1.9.1 Remote File Include Vulnerability...