5 matches found
CVE-2025-27511
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...
CVE-2026-34606 Stored XSS in Frappe LMS
Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
CVE-2025-47776
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
stb 资源管理错误漏洞
stb is a single-file public domain library for C/C ++. A security vulnerability exists in nothings stb version 2.27, which stems from a heap-based post-release reuse issue in the function stbijpeghuffdecode in the file stbimage.h. The vulnerability is caused by a heap-based post-release reuse iss...
CVE-2020-26290
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library...