Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...

CVE-2026-24942

Cross-Site Request Forgery CSRF vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through = 5.1.1...

CVE-2003-1003

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service crash and reload via an SNMPv3 message when snmp-server is set...

CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp...

CVE-2020-24376

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3...

CVE-2024-39303

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...

Photon OS 5.0: Aws PHSA-2026-5.0-0732

An update of the aws package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0732. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid28250...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

EUVD-2018-1903

Malware in sbrugna...

EUVD-2019-0399

Malware in sbrugna...

EUVD-2021-19328

Malware in sbrugna...

EUVD-2010-2262

Malware in sbrugna...

EUVD-2009-3752

Malware in sbrugna...

EUVD-2025-16195

Malicious code in bioql PyPI...

EUVD-2022-46992

Malicious code in bioql PyPI...

EUVD-2024-35559

Malicious code in bioql PyPI...

EUVD-2021-33440

Malicious code in bioql PyPI...

CVE-2025-57811

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI Server-Side Template Injection. This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

CVE-2025-29890

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

PT-2025-27383 · Rlpx · Rlpx

Name of the Vulnerable Software and Affected Versions: RLPx version 5 Description: The issue concerns RLPx 5, which has two CTR streams based on the same key, IV, and nonce. This design flaw can facilitate decryption on a private network. Recommendations: For RLPx version 5, consider reconfigurin...