CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of return statements after path traversal checks...

CVE-2025-67506

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...

Nick Chan Bot Operating System Command Injection Vulnerability

Nick Chan Bot is a private Discord bot written using the discord.js library. An operating system command injection vulnerability exists in versions prior to Nick Chan Bot 1.0.0-beta. The vulnerability stems from a network system or product not properly filtering special characters, commands, etc...

CVE-2016-10920

The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS...