15 matches found
CVE-2026-44927
A flaw was found in uriparser. This vulnerability involves pointer difference truncation, where calculations involving memory addresses are incorrectly shortened. This could lead to minor data integrity issues within the application. Exploitation of this flaw requires local access to the system a...
UBUNTU-CVE-2026-44928
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...
CVE-2026-44927
In uriparser before 1.0.2, there is pointer difference truncation to int in various places...
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...
GHSA-PR6M-QWRR-MRW9 Drupal Plausible tracking is vulnerable to XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2...
Drupal Plausible tracking security vulnerability
Drupal Plausible tracking is a data analysis plugin for the Drupal community. A security vulnerability exists in Drupal Plausible tracking versions prior to 1.0.2, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
GHSA-34Q3-8X9V-J957 toggle-array vulnerable to prototype pollution
toggle-array is a package designed to enable a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable functions of toggle-array v1.0.1 and before allows attackers to inject properties on...
js-toml security vulnerability
js-toml is a TOML parser for JavaScript by Sunny Personal Developer. A security vulnerability exists in versions of js-toml prior to 1.0.2, which stems from a prototype pollution vulnerability that could lead to modification of the global Object.prototype property...
Redon Hub security vulnerability
Redon Hub is an open source product delivery system from Redon Tech. A security vulnerability exists in Redon Hub versions prior to 1.0.2 that stems from a misconfiguration of permissions that allows all users to run administrator-related commands...
mosparo Input Validation Error Vulnerability
mosparo is modern spam protection. An input validation error vulnerability exists in mosparo versions prior to 1.0.2, which stems from an open redirection issue...
WordPress plugin Form block cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
GLPI Inventory Plugin path traversal vulnerability
GLPI Inventory Plugin is a French GLPI open source plugin. It is used to handle various types of tasks for GLPI agents. A path traversal vulnerability exists in versions prior to GLPI Inventory Plugin 1.0.2, which stems from a public script that can be used to read the contents of system files...
strikeentco set security vulnerability
Strikeentco Set is a personal developer's npm codebase for setting values in objects via set. A security vulnerability exists in versions prior to strikeentco set 1.0.2, which stems from a problem with the software code. It allows an attacker to exploit the vulnerability to cause a denial of...
WordPress ResAds Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up personal blog sites on PHP and MySQL servers. The ResAds plugin is a display-formatting plugin that adapts to a variety of endpoints. A cross-site...
D-Bus denial of service
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages)...