39 matches found

CNNVD
added 2026/05/15 12:0 a.m. · 6 views

Crypt::DSA security vulnerability

Crypt::DSA is a Perl cryptography module developed by the individual developer TIMLEGGE, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

CVSS 6.5 · AI score 5.8 · EPSS 0.00318
Exploits 0 · References 1
CNNVD
added 2026/05/05 12:0 a.m. · 9 views

CoreDNS security vulnerability

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the tsig plugin’s trust transfer writer, which relied on TsigStatus for verification instead of performing its own validation. This allowed...

CVSS 8.7 · AI score 5.8 · EPSS 0.00374
Exploits 1 · References 1
RedhatCVE
added 2026/03/26 3:6 p.m. · 1 views

CVE-2026-4749

NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0...

CVSS 6.5 · AI score 5.8 · EPSS 0.00244
Exploits 0 · References 1
ATTACKERKB
added 2026/03/23 11:49 p.m. · 3 views

CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected...

CVSS 6.5 · AI score 5.8 · EPSS 0.00365
Exploits 0 · References 2 · Affected Software 1
OSV
added 2026/03/20 7:54 a.m. · 3 views

CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the UDM's...

CVSS 8.7 · AI score 6.3 · EPSS 0.00354
Exploits 0 · References 4
CNNVD
added 2026/03/16 12:0 a.m. · 2 views

Hereta ETH-IMC408M cross-site scripting vulnerability

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper sanitization of inputs in the Network Diagnosis ping functio...

CVSS 6.1 · AI score 5.6 · EPSS 0.00155
Exploits 0 · References 3
ATTACKERKB
added 2026/01/27 8:54 a.m. · 3 views

CVE-2026-24818

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

CVSS 6.9 · AI score 5.9 · EPSS 0.00432
Exploits 0 · References 2
SUSE CVE
added 2026/01/23 12:24 a.m. · 4 views

SUSE CVE-2026-23737

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

CVSS 7.5 · AI score 6.1 · EPSS 0.00519
Exploits 0 · References 3
RedhatCVE
added 2026/01/09 10:26 a.m. · 5 views

CVE-2008-6047

Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing...

CVSS 4.3 · AI score 5.9 · EPSS 0.01017
Exploits 0 · References 1
CVE
added 2025/09/22 6:25 p.m. · 12 views

CVE-2025-59583

CVE-2025-59583 affects the Penci Filter Everything WordPress plugin (PenciFilter Everything, penci-filter-everything) with a DOM-based XSS flaw caused by improper input neutralization during web page generation in versions

CVSS 6.5 · AI score 5.9 · EPSS 0.00155
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:58 a.m. · 3 views

CVE-2023-1318

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6...

CVSS 5.4 · AI score 6.1 · EPSS 0.01015
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 1:48 a.m. · 5 views

CVE-2023-5375

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2...

CVSS 6.1 · AI score 6.8 · EPSS 0.33629
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 8:59 p.m. · 4 views

CVE-2021-20744

Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

CVSS 6.1 · AI score 6.6 · EPSS 0.00754
Exploits 0 · References 1
Cvelist
added 2025/03/25 6:0 a.m. · 11 views

CVE-2024-13123 AFI < 1.100.0 - Admin+ Stored XSS

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00229
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 5:33 a.m. · 3 views

CVE-2024-1202

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported...

CVSS 9.8 · AI score 5.8 · EPSS 0.00894
Exploits 0 · References 1
Positive Technologies
added 2025/01/09 12:0 a.m. · 2 views

PT-2025-4446 · Unknown · Cf7Save Extension

Name of the Vulnerable Software and Affected Versions: Cf7Save Extension versions prior to 1
Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into w...

CVSS 7.1 · AI score 9.2 · EPSS 0.00303
Exploits 0 · References 3
Patchstack
added 2024/09/12 10:34 a.m. · 3 views

WordPress CM Pop-Up Banners for WordPress plugin < 1.7.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Eunho Kim in WordPress Plugin CM Pop-Up banners versions 1.7.3...

CVSS 4.8 · AI score 6.1 · EPSS 0.00303
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/07/15 12:0 a.m. · 3 views

Apache Linkis code issue vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Versions of Apache Linkis before 1.6.0 contain a code issue vulnerability; the vulnerability stems from the data...

CVSS 8.8 · AI score 8.2 · EPSS 0.01228
Exploits 0 · References 4
OSV
added 2023/07/17 2:15 p.m. · 1 views

CVE-2023-2959

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2023/02/08 12:0 a.m. · 5 views

CVE-2023-0741 Cross-site Scripting (XSS) - DOM in answerdev/answer

Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4...

CVSS 8 · AI score 6.4 · EPSS 0.00871
Exploits 1 · References 2