20 matches found
CVE-2026-25628 Qdrant affected by arbitrary file write via `/logger` endpoint
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...
Exploit for CVE-2026-24061
CVE-2026-24061 GNU Inetutils telnetd Remote Authentication...
AZL-71473 CVE-2025-65637 affecting package umoci 0.4.7-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
OpnForm security vulnerability
OpnForm is a form builder by individual developer Julien Nahum. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from mishandling of an API endpoint and could lead to a cross-site request forgery attack...
OpnForm security vulnerability
OpnForm is a form builder by individual developer Julien Nahum. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from incorrect manipulation of an unknown function in the file /api/password/email, which may lead to information disclosure...
OpnForm security vulnerability
OpnForm is a form builder by individual developer Julien Nahum. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a lack of authorization in the file /show/integrations and could lead to unauthorized access...
Unmark code issue vulnerability
Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...
Unmark code injection vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in the file...
GHSA-MGH9-4MWP-FG55 OpenFGA Authorization Bypass
Overview: OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.9.3 to...
CVE-2025-55213 OpenFGA Authorization Bypass (Check)
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and...
CVE-2025-55213 OpenFGA Authorization Bypass (Check)
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and...
PT-2025-33691 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.9.3 through 1.9.4 Description: OpenFGA is an authorization/permission engine. Versions 1.9.3 through 1.9.4 are susceptible to improper policy enforcement during specific Check and ListObject calls. Recommendations: Upgrade ...
OpenFGA security vulnerability
OpenFGA is an open source, high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA versions v1.9.3 through v1.9.4 that stems from improper policy enforcement and could lead to authorization...
PT-2024-25889 · Coderevolution · Coderevolution Aiomatic
Name of the Vulnerable Software and Affected Versions: CodeRevolution Aiomatic versions 1.9.3 and earlier Description: A Missing Authorization issue affects the software, allowing unauthorized access. The estimated number of potentially affected devices is not specified. There is no information...
WordPress plugin Ultimate Under Construction cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
KubeEdge code issue vulnerability
KubeEdge is an open source edge computing framework built on Kubernetes that extends containerized application orchestration and device management to hosts at the edge. A denial-of-service vulnerability exists in KubeEdge versions prior to 1.11.0, prior to 1.10.1, and prior to 1.9.3, which can be...
KubeEdge code issue vulnerability
KubeEdge is an open source, Kubernetes-native edge computing framework. It is built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A code issue vulnerability exists in KubeEdge versions prior to 1.11.0, 1.10.1, and 1.9.3, which stems...
Path traversal
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem, potentially leading to arbitrary code execution, via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex...
PT-2005-4444 · Xmb Forum · Xmb
Name of the Vulnerable Software and Affected Versions: XMB versions 1.9.3 and earlier Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Your Current Mood field in the registration page. This could potentially lead to...