4564 matches found
PrivateBin security vulnerability (HTML in a drag-and-drop filename reflected into the page)
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions 1.7.7 up to and including 2.0.3: the name of a drag-and-dropped file is reflected into the page, so a filename containing HTML could lead to a...
PrivateBin security vulnerability (local file inclusion via template switching)
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions 1.7.7 up to and including 2.0.3, stemming from a local file inclusion in the template switching feature that could lead to the readi...
Astro code issue vulnerability
Astro is an open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions from 2.16.0 up to but not including 5.15.5, stemming from unsafe use of the x-forwarded-proto and x-forwarded-port request headers, which could allow middleware protection rou...
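As an added illustration of the header-trust problem in the Astro entry above (example code written for this page, not Astro's own middleware): the URL that a protection middleware reasons about is rebuilt from X-Forwarded-Proto / X-Forwarded-Port only when the peer is a configured proxy, and only from well-formed values. The TRUSTED_PROXIES network, the app.example host and the lower-cased header dict are assumptions made for the demo.

```python
import ipaddress
from urllib.parse import urlunsplit

VALID_PROTOS = {"http", "https"}
# Assumed deployment: the only hop allowed to set X-Forwarded-* is the
# reverse proxy in 10.0.0.0/8.  Replace with the real proxy addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _parse_port(value):
    """Return an int port in 1..65535, or None if the header value is unusable."""
    try:
        port = int(str(value).strip())
    except ValueError:
        return None
    return port if 1 <= port <= 65535 else None


def effective_url_naive(headers, socket_proto, socket_port, host, path):
    """Vulnerable pattern: believes whatever X-Forwarded-* the client sent,
    so any client (not just the proxy) can pick the scheme and port that
    later routing/protection decisions are based on."""
    proto = headers.get("x-forwarded-proto", socket_proto)
    port = headers.get("x-forwarded-port", str(socket_port))
    return urlunsplit((proto, f"{host}:{port}", path, "", ""))


def effective_url_hardened(headers, remote_addr, socket_proto, socket_port,
                           host, path, trusted_proxies=TRUSTED_PROXIES):
    """Honour forwarded headers only from a trusted proxy and only when their
    values are well-formed; otherwise describe the actual socket."""
    proto, port = socket_proto, socket_port
    peer = ipaddress.ip_address(remote_addr)
    if any(peer in net for net in trusted_proxies):
        # Proxies may send a comma-separated chain; take the first hop only.
        fwd_proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        if fwd_proto in VALID_PROTOS:
            proto = fwd_proto
        fwd_port = _parse_port(headers.get("x-forwarded-port", ""))
        if fwd_port is not None:
            port = fwd_port
    return urlunsplit((proto, f"{host}:{port}", path, "", ""))


def needs_https_redirect(headers, remote_addr, socket_proto, socket_port, host, path):
    """A typical protection decision built on the effective URL: redirect plain
    HTTP to HTTPS.  With the naive URL a client could forge proto=https and
    skip it; with the hardened URL an untrusted peer cannot."""
    url = effective_url_hardened(headers, remote_addr, socket_proto, socket_port, host, path)
    return not url.startswith("https://")
```

The same gate applies to any other header a proxy is expected to set (X-Forwarded-Host, X-Real-IP): decide who is allowed to speak for the client first, then validate what they said.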
ZITADEL authorization issue vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, built for the container and serverless era, from the Swiss open source project ZITADEL. An authorization issue vulnerability exists in ZITADEL versions 2.50.0 through 2.71.19, 3.4.4, and prior to 4.6.6, which...
Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-8169)
The libcurl library versions 7.62.0 to and including 7.70.0 are vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers. This plugin only works with Tenable.ot. Please visit...
CVE-2025-64705
Frappe Learning version range 2.0.0–2.40.9 suffers an information-disclosure vulnerability where users could view submissions from other students due to improper access control and direct URL access. The issue is fixed in version 2.41.0 by enforcing proper roles and redirecting direct URL access....
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25351 more potentially affected by CVE-2025-63396 via torch (>=1.0.0 <=2.7.0)
torch PyPI version =1.0.0, =0.1.0, =2.13.0, =0.1.3, =0.0.1, =0.0.10 and more. Source CVEs: CVE-2025-63396. Source advisory: OSV:PYSEC-2025-210...
EUVD-2024-55068
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...
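Added example for the mintty entry above (not mintty's code): the usual mitigation on the producing side is to strip terminal escape sequences from untrusted text (file names, log lines, server responses) before echoing it. The filter below drops every OSC, CSI, DCS and other ESC-introduced sequence plus C1 and stray C0 controls rather than enumerating the dangerous ones; which sequences a terminal acts on is terminal-specific, so allow-listing plain text is the safe default. The sample strings are constructed for the demo.

```python
import re

# 8-bit C1 forms of OSC (0x9d) and CSI (0x9b) are folded into their 7-bit
# forms first so one set of patterns handles both encodings.
_C1_ALIASES = {"\x9d": "\x1b]", "\x9b": "\x1b["}

_OSC = re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?")        # ESC ] ... BEL or ESC \
_DCS_APC_PM_SOS = re.compile(r"\x1b[PX^_][^\x1b]*(?:\x1b\\)?")  # ESC P / X / ^ / _ ... ST
_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]?")                  # ESC [ params intermediates final
_OTHER_ESC = re.compile(r"\x1b[ -/]*[0-~]?")                    # two/three-byte ESC sequences
_C1 = re.compile(r"[\x80-\x9f]")                                # remaining 8-bit C1 controls
_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")                 # C0 except \t and \n (\r dropped too)


def strip_terminal_escapes(text):
    """Return text safe to echo: every escape sequence and control byte removed.
    Order matters: string-type sequences (OSC, DCS) are removed first because
    their bodies may contain bytes that look like CSI parameters."""
    for raw, seven_bit in _C1_ALIASES.items():
        text = text.replace(raw, seven_bit)
    text = _OSC.sub("", text)
    text = _DCS_APC_PM_SOS.sub("", text)
    text = _CSI.sub("", text)
    text = _OTHER_ESC.sub("", text)
    text = _C1.sub("", text)
    return _CTRL.sub("", text)


def contains_escapes(text):
    """Cheap detector, useful for logging that untrusted output carried sequences."""
    return strip_terminal_escapes(text) != text


def safe_echo_lines(lines):
    """Filter a batch of untrusted lines (e.g. file names from a remote host)
    before they reach a terminal; returns the cleaned lines."""
    return [strip_terminal_escapes(line) for line in lines]
```

Unterminated OSC/DCS bodies are consumed to end of string on purpose: a truncated sequence is exactly the case where a terminal may keep interpreting the following bytes as part of it.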
Drupal core 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7 - Unauthenticated Denial of Service Attack vulnerability
Unauthenticated Denial of Service Attack vulnerability discovered by Dragos Dumitrescu (dragos-dumi) in Drupal core versions 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7...
EulerOS 2.0 SP10 : bind (EulerOS-SA-2025-2378)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An...
EulerOS 2.0 SP12 : aide (EulerOS-SA-2025-2315)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An...
CVE-2025-11457
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...
OpenSMTPD 6.4.0 < 6.6.2p1 RCE Vulnerability - Version Check
OpenSMTPD is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2025-64182
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...
Langfuse security vulnerability
Langfuse is a large language model (LLM) engineering platform open-sourced by Langfuse. A security vulnerability exists in Langfuse versions 2.70.0 up to and including 2.95.11 and 3.124.1, which stems from the server trusting a user-controlled orgId and using it for authorization checks, which could...
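The Frappe Learning, EasyCommerce and Langfuse entries above share one root cause: an authorization attribute (a record ID reached by direct URL, a role chosen during signup, an orgId in the request) is taken from the client. As an added example, not code from any of those projects, the block below derives each of those attributes server-side instead. The membership and submission tables, the role ranking and the writable-field allowlist are constructed for the demo.

```python
class Forbidden(Exception):
    pass


# Constructed sample data: who belongs to which org, with which role.
MEMBERSHIPS = {
    "alice": {"org-1": "admin"},
    "bob":   {"org-2": "member"},
}

# Constructed sample data: student submissions and their owners.
SUBMISSIONS = {
    "sub-100": {"owner": "alice", "org": "org-1", "answer": "42"},
    "sub-200": {"owner": "bob",   "org": "org-2", "answer": "17"},
}

ROLE_RANK = {"member": 1, "instructor": 2, "admin": 3}


def require_org_role(user, org_id, needed):
    """The org and the role both come from the membership table keyed by the
    authenticated user.  The vulnerable counterpart is to read orgId (or the
    role) from the request body and check nothing else."""
    role = MEMBERSHIPS.get(user, {}).get(org_id)
    if role is None:
        raise Forbidden(f"{user} is not a member of {org_id}")
    if ROLE_RANK[role] < ROLE_RANK[needed]:
        raise Forbidden(f"{user} is {role} in {org_id}, needs {needed}")
    return role


def get_submission_naive(submission_id):
    """Vulnerable pattern: any authenticated caller who knows or guesses the
    ID gets the record (the direct-URL access described above)."""
    return SUBMISSIONS[submission_id]


def get_submission(user, submission_id):
    """Object-level check: the record must belong to the caller, or the caller
    must hold at least an instructor role in the record's org."""
    record = SUBMISSIONS.get(submission_id)
    if record is None:
        raise KeyError(submission_id)
    if record["owner"] != user:
        require_org_role(user, record["org"], "instructor")
    return record


# Mass-assignment guard: fields a client may set on its own account.  'role'
# is deliberately absent, so a client-chosen role is discarded.
CLIENT_WRITABLE_FIELDS = {"email", "display_name", "shipping_address"}


def create_account(payload, default_role="customer"):
    account = {k: v for k, v in payload.items() if k in CLIENT_WRITABLE_FIELDS}
    account["role"] = default_role  # server decides, never the request
    return account


def attempt(fn, *args):
    """Run an access check and report the outcome as a string (demo helper)."""
    try:
        fn(*args)
    except Forbidden:
        return "forbidden"
    return "ok"
```

The three checks are independent: scoping a query by a server-resolved org does not replace the per-record ownership check, and neither replaces the allowlist on writable fields.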
CVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind, time-based SQL injection inside the appMetadata operation of the GraphQL API. This allows extraction of arbitrary data from the...
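Added example, not SuiteCRM code, for the SQL injection entry above: the same metadata lookup written with string interpolation and with a bound parameter, run against a constructed sqlite schema. The app_metadata table and the probe string are constructed for illustration only; they are not the affected query or a payload for SuiteCRM, and the probe is a boolean tautology rather than the time-based form the advisory describes, because the mechanism (the value changing the SQL's meaning) is the same.

```python
import sqlite3


def _db():
    """Constructed in-memory schema standing in for an application's metadata."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_metadata (module TEXT, visible INTEGER)")
    conn.executemany("INSERT INTO app_metadata VALUES (?, ?)",
                     [("accounts", 1), ("contacts", 1), ("admin_only", 0)])
    return conn


def metadata_vulnerable(conn, module):
    """String interpolation: the client-supplied module name becomes SQL text,
    so quotes and operators in it rewrite the WHERE clause."""
    sql = f"SELECT module FROM app_metadata WHERE visible = 1 AND module = '{module}'"
    return [r[0] for r in conn.execute(sql)]


def metadata_parameterized(conn, module):
    """Bound parameter: the driver passes the value separately from the SQL,
    so the same string is only ever compared as data."""
    sql = "SELECT module FROM app_metadata WHERE visible = 1 AND module = ?"
    return [r[0] for r in conn.execute(sql, (module,))]


def demo():
    conn = _db()
    probe = "x' OR visible = 0 OR '1'='2"  # constructed tautology, demo only
    return {
        "vulnerable": metadata_vulnerable(conn, probe),
        "parameterized": metadata_parameterized(conn, probe),
        "normal": metadata_parameterized(conn, "accounts"),
    }
```

With interpolation the hidden admin_only row comes back because AND binds tighter than OR; with the parameter the probe is just a module name that matches nothing.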
EUVD-2020-30818
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
CVAT.ai CVAT path traversal vulnerability
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. A path traversal vulnerability exists in CVAT.ai CVAT versions 2.4.0 through 2.48.1, which originates from a malicious user being able to create or overwrite files in the root directory of a mounted file share, potentially leading ...
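Added example for the two CVAT entries above (not CVAT's code): confine a client-supplied destination to a per-task subdirectory of a mounted share, reject absolute paths, '..' escapes and symlink escapes, and create files with O_EXCL so nothing existing is overwritten. share_root, the task-7 layout and the sample names are assumptions made for the demo, which runs inside a temporary directory.

```python
import os
import tempfile


class UnsafePath(ValueError):
    pass


def resolve_task_path(share_root, task_id, user_relpath):
    """Return an absolute path strictly inside <share_root>/<task_id>/.
    user_relpath comes from the client and is treated as hostile."""
    if os.path.isabs(user_relpath):
        raise UnsafePath("absolute paths are not allowed")
    task_dir = os.path.realpath(os.path.join(share_root, task_id))
    # realpath normalises '..' and follows symlinks, so both 'a/../../x' and a
    # link planted under task_dir that points at the share root end up outside.
    candidate = os.path.realpath(os.path.join(task_dir, user_relpath))
    if os.path.commonpath([task_dir, candidate]) != task_dir:
        raise UnsafePath(f"{user_relpath!r} escapes the task directory")
    if candidate == task_dir:
        raise UnsafePath("a file name is required")
    return candidate


def write_new_file(share_root, task_id, user_relpath, data):
    """Create the file only if it does not already exist (O_EXCL), so a
    colliding name cannot clobber another task's file or a share-level file."""
    target = resolve_task_path(share_root, task_id, user_relpath)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Exercise the checks in a temporary share; returns outcome per input."""
    out = {}
    with tempfile.TemporaryDirectory() as share:
        out["ok"] = write_new_file(share, "task-7", "frames/img1.png", b"x")
        for bad in ("../../share-root.txt", "/etc/passwd", "frames/../../../x"):
            try:
                resolve_task_path(share, "task-7", bad)
                out[bad] = "accepted"
            except UnsafePath:
                out[bad] = "rejected"
        try:
            write_new_file(share, "task-7", "frames/img1.png", b"y")
            out["overwrite"] = "accepted"
        except FileExistsError:
            out["overwrite"] = "rejected"
    return out
```

The two halves address the two outcomes named in the advisory separately: the path check stops writes outside the task's own directory, and O_EXCL stops overwriting even for a name that is inside it.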