CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

CVE-2026-1186

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

CVE-2017-6363

In the GD Graphics Library aka LibGD through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gdtiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and...

CVE-2025-21621

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

CVE-2023-32509

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rolf van Gelder Order Your Posts Manually plugin = 2.2.5 versions...