CVE-2026-33028 Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...
CVE-2026-26279
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
CVE-2026-27198
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
PT-2025-51388
Name of the Vulnerable Software and Affected Versions: freshchat versions n/a through 2.3.4 Description: A Cross-Site Request Forgery (CSRF) issue exists in freshchat. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge. Recommendations: Upda...
CVE-2024-29472
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module...
PT-2024-22920 · Oneblog · Oneblog
Name of the Vulnerable Software and Affected Versions: OneBlog version 2.3.4 Description: A stored cross-site scripting (XSS) issue was found in the User Management module. This allows for malicious scripts to be stored and executed on the site. Recommendations: For OneBlog version 2.3.4, update to...
CVE-2023-32796
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions...
PYSEC-2021-305
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
WordPress plugin code issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A PHP object injection vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...
SV3C L-SERIES HD CAMERA Cross-Site Scripting Vulnerability
SV3C L-SERIES HD CAMERA is a webcam product from SV3C Technology, China. A cross-site scripting vulnerability exists in SV3C L-SERIES HD CAMERA version V2.3.4.2103-S50-NTD-B20170508B, which originates from the program failing to properly validate user-submitted input. The vulnerability can be...