CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

CVE-2026-22255 iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVE-2026-21873

NiceGUI (Python UI framework) has a cross-site scripting risk in versions 2.22.0–3.4.1 due to an unsafe pushstate listener in ui.sub_pages that lets an attacker manipulate the URL fragment via an iframe. The issue is exploitable without user interaction and affects pages embeddable in iframes. A ...

CVE-2026-21687

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagCurve::CIccTagCurve. This vulnerability affects users of the iccD...

CVE-2026-21693 iccDEV has Type Confusion in CIccSegmentedCurveXml::ToXml() at IccXML/IccLibXML/IccMpeXml.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccSegmentedCurveXml::ToXml at...

EUVD-2026-1392

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLutAtoB::Validate. This vulnerability affects users of the iccDEV...

CVE-2025-59158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....

CVE-2025-59157

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

CVE-2025-59158 Coolify has Stored XSS in Project Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....

CVE-2025-59157 Coolify has Git Repository RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary...

CVE-2025-68481

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

EUVD-2025-204584

Langflow vulnerable to Server-Side Request Forgery...

EUVD-2025-204614

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

BIT-GITLAB-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

PT-2025-51916

Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.45.3 Description A flaw exists in Homarr dashboard that, before version 1.45.3, could allow privilege escalation and access to other users' groups. This is due to insufficient input sanitization within the LDAP searc...

CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

PT-2025-51348

Name of the Vulnerable Software and Affected Versions ConvertX versions prior to 0.16.0 Description ConvertX is a self-hosted online file converter. The /upload endpoint allows an authenticated user to write arbitrary files on the system, potentially overwriting binaries and enabling code...