20 matches found
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
PT-2026-27631
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions 5.13.0 through 5.13.3 Description: Invoice Ninja allows for the execution of stored cross-site scripting (XSS) payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to arbitrary code execution...
Mattermost Desktop App Security Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.13.0 and earlier, which originates from an unauthenticated external URL and could allow an attacker to crash the application by sending a specially...
CVE-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...
CVE-2019-20864
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account...
CVE-2025-1132
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the ENtyid parameter. The parameter is directly inserted into an SQL query without proper sanitization, allowing attackers to inject malicious SQL commands. Please note that the...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0, which stems from the presence of an SQL injection that results in the disclosure of database information...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 and prior versions that stems from the newCountName parameter being concatenated directly into a SQL query without proper sanitization. An attacker exploiting this...
CBL Mariner 2.0 Security Update: packer (CVE-2025-21613)
The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21613 advisory. - go-git is a highly extensible git implementation library written in pure Go. An argument injection...
CVE-2025-21613 go-git has an Argument Injection via the URL field
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2022-36928
CVE-2022-36928 — Path traversal in Zoom for Android is documented across multiple sources. It affects Zoom for Android versions prior to 5.13.0, where a third-party app could exploit a path traversal flaw to read and write to the Zoom application data directory. The underlying issue is described ...
PT-2023-1098 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom for Android versions prior to 5.13.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access, allowing a third-party app to exploit this and read and write to the Zoom application da...
Tenable Nessus Network Monitor < 5.13.0 Multiple Vulnerabilities (TNS-2021-02)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Exploit for NULL Pointer Dereference in Linux Linux_Kernel
CVE-2022-23222 Click here if you just wanna build and run th...
Exploit for NULL Pointer Dereference in Linux Linux_Kernel
CVE-2022-23222 Click here if you just wanna build and run th...
PT-2024-11194
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.13.0-rc1+ Description: A vulnerability has been resolved in the Linux kernel, specifically in the btrfs file system. The issue occurred when error injection testing caused a panic due to an invalid opcode. The error path...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands...
Security Bulletin: Security vulnerabilities have been identified in IBM Tivoli Integrated Portal (TIP) shipped with Tivoli Business Service Manager (CVE-2015-5254, CVE-2014-3600, CVE-2014-3612, CVE-2014-8110, CVE-2014-3579)
Summary: IBM Tivoli Integrated Portal (TIP) is shipped as a component of Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM Tivoli Integrated Portal (TIP) has been published in a security bulletin. Vulnerability Details: Please consult the Security Bulletin:...
Apache ActiveMQ 5.x < 5.13.0 Java Object Unserialization RCE
Binary data 9080.prm...