22 matches found
EUVD-2026-28800
Absinthe: Quadratic fragment-name uniqueness check...
CVE-2026-43967
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...
Absinthe Security Vulnerability
Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...
PT-2026-39147
Name of the Vulnerable Software and Affected Versions: absinthe plug versions 1.2.0 through 1.10.1. Description: Reflected cross-site scripting is possible via the GraphiQL interface. The js escape/1 function in lib/absinthe/plug/graphiql.ex fails to escape backslashes when processing the query GET...
Linux Distros Unpatched Vulnerability : CVE-2025-58066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive, servers which...
UBUNTU-CVE-2025-58066
ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive, servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...
CVE-2025-58066
CVE-2025-58066 affects ntpd-rs versions 1.2.0–1.6.1 (server side with non‑NTS traffic). An attacker can induce a message storm between two NTP servers running ntpd-rs, enabling a denial of service. Client‑only configurations are not affected. The advisory recommends upgrading to version 1.6.2, wh...
CVE-2025-51667
An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
ViewVC Path Traversal Vulnerability
ViewVC is an open-source, web-based tool for browsing CVS and SVN code repositories. A path traversal vulnerability exists in ViewVC versions 1.1.0 to 1.1.31 and 1.2.0 to 1.2.3, which stems from a directory traversal in the standalone.py script, which could lead to the disclosure of the contents of t...
UBUNTU-CVE-2024-9102
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...
OESA-2024-1294 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
Apache InLong Security Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation in the United States. An authorization issue vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0. The vulnerability stems from improper privilege management. An attacker can exploit the vulnerabili...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-alert (>=1.2.0 <=2.0.0-alpha) +10 more potentially affected by CVE-2022-26885 via org.apache.dolphinscheduler:dolphinscheduler-common (>=1.2.0 <=2.0.5)
org.apache.dolphinscheduler:dolphinscheduler-common MAVEN version =1.2.0, =1.1.0, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =2.0.0, =2.0.2, =1.3.5, =1.2.0, =1.3.0, =1.3.6, =1.3.9, =2.0.5 Source cves: CVE-2022-26885 Source advisory: OSV:GHSA-JVC3-WJF6-7C6C...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.tock:tock-nlp-model-stanford (>=19.9.0 <=22.3.2) +202 more potentially affected by CVE-2022-0239 via edu.stanford.nlp:stanford-corenlp (>=1.2.0 <=4.3.2)
edu.stanford.nlp:stanford-corenlp MAVEN version =1.2.0, =1.3, =19.9.0, =2.09, =2.7.3, =2.7.3, =2.7.3, =2.0.0, =2.0.1, =2.5, =3.0.1 - com.github.hungntbka:htime =1.0 - com.github.jenshaase.uimascala:arktweetpostagger2.11 =0.6.1 - com.github.jenshaase.uimascala:arktweettokenizer2.11 =0.6.1 -...
fastapi-skywalking-middleware (>=0.1.0 <=0.2.0), fastapi-skywalking-trace (=0.0.1) +3 more potentially affected by CVE-2020-13921 via apache-skywalking (>=1.0.1 <=1.2.0)
apache-skywalking PYPI version =1.0.1, =0.1.0, =0.0.12, =0.1.1, =2024080701.0.0, =20250116003.0.0 Source cves: CVE-2020-13921 Source advisory: OSV:PYSEC-2020-342...
Jolokia Cross-Site Request Forgery Vulnerability (CNVD-2019-26164)
Jolokia is an open-source project that uses JSON over HTTP for remote JMX management; it provides JMX batch operations, security policies and so on. A cross-site request forgery vulnerability exists in Jolokia versions 1.2.0 through 1.6.0. The vulnerability stems from a WEB application tha...
@apifie/node-microservice (>=0.0.1 <=1.0.3), @conversationai/moderator-backend-api (>=1.0.0 <=1.0.6) +101 more potentially affected by unknown CVE via sequelize-cli (>=1.2.0 <=5.4.0)
sequelize-cli NPM version =1.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0-beta.1, =2.2.1, =3.1.5, =0.0.10, =0.0.6, =0.0.1, =1.1.7, =1.1.12 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3XC7-XG67-PW99...
Pivotal Grails Resources Plugin Path Traversal Vulnerability
Pivotal Grails is an open-source framework from the U.S. company Pivotal Software, based on the Groovy programming language, for rapid development of web applications. Resource Plugin is one of its HTML resource management plugins. A directory traversal vulnerability exists in Pivotal Grails Resources...
Apache Tomcat JK ISAPI Connector Information Disclosure Vulnerability
Apache Tomcat JK ISAPI Connector is a module from the U.S. Apache Software Foundation that connects Apache or IIS to a back-end Tomcat; it supports clustering, load balancing and so on. A security vulnerability exists in Apache Tomcat JK ISAPI Connector versions 1.2.0 through...