MindSQL 代码注入漏洞

MindSQL is an open-source database interaction and retrieval enhancement generation library developed by MindInventory. Versions of MindSQL 0.2.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the askdb function in the mindsql/core/mindsqlcore.py file, which...

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...

CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

EUVD-2026-5630

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

willitmerge 命令注入漏洞

willitmerge is a command line tool by the individual developer Kyle Robinson Young. A command injection vulnerability exists in willitmerge version 0.2.1 and earlier, which stems from improper use of the Unsafe Sub-Process Execution API and can lead to command injection...

CVE-2025-12712

CVE-2025-12712 (Shouty WordPress plugin) vulnerable in all versions up to 0.2.1 due to insufficient input sanitization and output escaping on shouty shortcode attributes, enabling stored cross-site scripting. Exploitation requires authenticated access at Contributor level or higher; an attacker c...

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

PT-2024-29457 · Unknown · Lin-Cms Springboot

Name of the Vulnerable Software and Affected Versions: lin-CMS Springboot versions 0.2.1 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For versions 0.2.1 and before, consider...

Wordpress plugin WP-CORS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...