19 matches found
com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)
xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...
WordPress Nuts theme <= 1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Nuts versions <= 1.10...
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak can occur when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
@chainsafe/lodestar (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0), @lodestar/beacon-node (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0) potentially affected by unknown CVE via @lodestar/reqresp (>=1.10.0-dev.a208afb45a <=1.25.0-rc.0)
@lodestar/reqresp NPM version =1.10.0-dev.a208afb45a, =1.10.0-dev.00b94f3802, =1.10.0-dev.00b94f3802, =1.25.0-rc.0 Source cves: unknown CVE Source advisory: OSV:GHSA-53RV-HCVM-RPP9...
WordPress plugin Instabot cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...
PT-2024-31656
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 1.27.0; Apache NiFi versions 2.0.0-M1 through 2.0.0-M3. Description: The vulnerability allows an authenticated user, authorized to configure a Parameter Context, to enter arbitrary JavaScript code in the...
OMICRON StationGuard security vulnerability
OMICRON StationGuard is an application from OMICRON Austria. It is used for network monitoring. A security vulnerability exists in OMICRON StationGuard versions 1.10 through 2.20 and OMICRON StationScout versions 1.30 through 2.20, which stems from incorrect authorization, and can be...
SUSE CVE-2013-4931
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +125 more potentially affected by CVE-2018-8718 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.20)
org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-8718 Source advisory: OSV:GHSA-6G57-H38C-Q52G...
@agrc/helpers (>=1.0.0 <=1.0.1), @dojo/interop (>=4.0.0 <=7.0.0) +9 more potentially affected by CVE-2021-23450 via dojo (>=1.10.0 <=1.16.4)
dojo NPM version =1.10.0, =1.0.0, =4.0.0, =0.0.29, =0.0.1, =1.10.0, =0.1.0, =1.10.3, =0.3.0-alpha.1, =0.0.1, =0.5.24 Source cves: CVE-2021-23450 Source advisory: OSV:GHSA-M8GW-HJPR-RJV7...
HTSlib buffer error vulnerability
HTSlib is a library for the C language. A buffer error vulnerability exists in HTSlib versions 1.10 through 1.10.2, which stems from the program allowing out-of-bounds write access in VCF format parsing...
dijit (>=1.10.0 <=1.11.1), dojo-node (=4.1.0) +2 more potentially affected by CVE-2020-5258 via dojo (>=1.10.0 <=1.11.1)
dojo NPM version =1.10.0, =1.10.0, =1.10.3, =0.3.0-alpha.1, =0.3.0-alpha.32 Source cves: CVE-2020-5258 Source advisory: OSV:GHSA-JXFH-8WGV-VFR2...
acclaim-badges (=0.1.0), admindjango-ckeditor-blog (=0.1.0) +158 more potentially affected by CVE-2019-19844 via django (>=1.10.0 <=1.11.26)
django PYPI version =1.10.0, =0.2.0.dev20181221, =0.1.0b2696.post0.dev1, =0.2.1, =3.1.4, =2.0.0, =0.3.1, =0.0.19, =0.0.24 and more Source cves: CVE-2019-19844 Source advisory: OSV:GHSA-VFQ6-HQ5R-27R6...
UBUNTU-CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interfa...
CVE-2015-0560
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted...
wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933)
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file...
krb5: KDC daemon crash via free() of an uninitialized pointer
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute...
PT-2007-3321 · Xoops +1 · Virii Info +1
Name of the Vulnerable Software and Affected Versions: Xoops module Virii Info versions 1.10 and earlier. Description: A remote file inclusion issue in the index.php file of the Virii Info module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path]...