4570 matches found
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2020-5900
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there are insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface...
CVE-2020-1933
An XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...
CVE-2020-7974
GitLab EE 10.1 through 12.7.2 allows Information Disclosure...
CVE-2019-19151
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able to access object...
CVE-2025-26872
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files. This issue affects Eximius: from n/a through 2.2...
CVE-2025-43840
Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS. This issue affects CheckBot: from n/a through = 1.05...
Versa Concerto SD-WAN security vulnerability
Versa Concerto SD-WAN is an easy-to-use user interface from Versa for configuring and monitoring Versa OS devices in a secure SD-WAN. A security vulnerability exists in Versa Concerto SD-WAN versions 12.1.2 through 12.2.0, which stems from an authentication bypass in the Traefik Reverse Proxy...
vLLM code issue vulnerability
vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...
CVE-2025-39372
CVE-2025-39372 – Reflected Cross‑Site Scripting in the WordPress Events Calendar Registration & Tickets plugin (versions
CVE-2025-39451
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlocks For Elementor: from n/a through = 1.3.16...
CVE-2025-39374
CVE-2025-39374 : Cross-Site Request Forgery (CSRF) leading to Stored XSS in the WordPress plugin “Best Posts Summary” for versions up to 1.0. The CVE is documented with CVSS v3.1 base score 7.1 (HIGH) and network attack vector, low confidentiality/integrity/availability impact, and user interacti...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1597 more potentially affected by CVE-2025-2099 via transformers (>=4.0.0 <=4.4.2)
transformers PYPI version =4.0.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2025-2099 Source advisory: SNYK:PYTHON-TRANSFORMERS-10185677...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1624 more potentially affected by CVE-2025-2099 via transformers (>=2.10.0 <=4.48.3)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-2099 Source advisory: OSV:PYSEC-2025-40...
paicoding security vulnerability
paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding versions 1.0.0, 1.0.1, 1.0.2, and 1.0.3, which stems from an improper cross-domain policy due to misuse of the file CrossUtil.java...
CVE-2025-48134
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection. This issue affects WP Tabs: from n/a through = 2.2.12...
CVE-2025-32307
CVE-2025-32307 affects LambertGroup Chameleon HTML5 Audio Player With/Without Playlist (plugin slug lbg-audio1-html5), vulnerable through version 3.5.6 due to improper neutralization of special elements in SQL commands (SQL Injection). The CVE’s technical details in connected sources confirm an S...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2025-47285 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.21.0 and more Source cves: CVE-2025-47285 Source advisory: OSV:GHSA-QHR6-MGQR-MCHM...
Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor security vulnerability
Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Ltd. of Japan. Hitachi Ops Center Analyzer is a data center management software. It monitors, reports, and correlates end-to-end performance from servers to storage. Hitachi Infrastructure Analyti...
Hitachi Ops Center Analyzer viewpoint security vulnerability
Hitachi Ops Center Analyzer viewpoint is an application from Hitachi, Ltd. It provides visibility and data analysis of heterogeneous IT resources across the complete data path of an application. A security vulnerability exists in Hitachi Ops Center Analyzer viewpoint versions prior to 10.0.0-00...