Lucene search

45 matches found

CVE
added 2026/05/01 8:36 a.m. · 9 views

CVE-2026-40201

CVE-2026-40201 affects @diplodoc/search-extension from versions 1.0.0 through 3.x prior to 3.0.3, where a stored XSS is possible via the title in a .md file. The issue is caused by input not being properly sanitized before being rendered in titles, enabling an attacker-supplied payload to exe...

5.4 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 4
vulnersOsv
added 2026/03/17 11:16 a.m. · 5 views

apache-airflow-core (>=3.1.0 <=3.1.7rc2), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2026-30911 via apache-airflow (>=3.1.0 <=3.1.7rc2)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-30911 Source advisory: OSV:PYSEC-2026-17...

8.1 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0
NVD
added 2025/11/21 1:15 p.m. · 1 views

CVE-2025-66073

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection. This issue affects WP Webhooks: from n/a through = 3.3.8...

7.2 CVSS · 0.00109 EPSS
Exploits 0 · References 1
NVD
added 2025/11/10 9:15 p.m. · 1 views

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...

4.3 CVSS · 0.0004 EPSS
Exploits 0 · References 1
CVE
added 2025/11/10 8:43 p.m. · 6 views

CVE-2025-48878

CVE-2025-48878 affects Combodo iTop (3.x) prior to 3.2.2. The vulnerability is an insecure direct object reference that allows a user (e.g., with a Service desk agent profile) to create a ModuleInstallation object when they should not be able to. The issue is resolved in 3.2.2. Impact details are...

4.3 CVSS · 6.3 AI score · 0.0004 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-3171

Malware in sbrugna...

6.5 CVSS · 6.9 AI score · 0.00428 EPSS
Exploits 0 · References 14
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-3644

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.05488 EPSS
Exploits 0 · References 17
Positive Technologies
added 2024/12/04 12:0 a.m. · 2 views

PT-2024-10232 · Drupal · Drupal Oauth & Openid Connect Single Sign On – Sso

Name of the Vulnerable Software and Affected Versions: Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 3.0.0 through 3.43.0 Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client versions 4.0.0 through 4.0.18 Description: The issue is related to imprope...

6.4 CVSS · 6.1 AI score · 0.00259 EPSS
Exploits 0 · References 6
CNNVD
added 2024/01/23 12:0 a.m. · 2 views

SolaX Pocket WiFi Security Vulnerability

SolaX Power SolaX Pocket WiFi is a portable WiFi from SolaX Power. A security vulnerability exists in SolaX Pocket WiFi version 3 through 3.001.02, which stems from a WiFi network that provides a web-based configuration utility and an unauthenticated ModBus protocol interface...

9.8 CVSS · 7 AI score · 0.00198 EPSS
Exploits 0 · References 2
vulnersOsv
added 2023/10/13 7:29 p.m. · 2 views

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:GHSA-GC57-XHH5-M94R...

5.4 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits 0
OSV
added 2023/04/14 12:15 p.m. · 0 views

CVE-2023-1617

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

9.8 CVSS · 7.3 AI score · 0.00432 EPSS
Exploits 0 · References 1
OSV
added 2023/02/09 10:15 p.m. · 1 views

CVE-2023-23592

WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information...

7.5 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 0 · References 2
CNNVD
added 2022/12/26 12:0 a.m. · 1 views

Pilz PMC programming tool Authorization Issue Vulnerability

Pilz PMC programming tool is a PMC programming tool from Pilz. A security vulnerability exists in Pilz PMC programming tool versions 3.x through 3.5.17 and earlier, which originates from the fact that its user's password can be changed by an attacker without knowing the current password...

7.5 CVSS · 7.7 AI score · 0.0014 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/12/26 12:0 a.m. · 2 views

PT-2022-8323 · 3S Smart Software Solutions +1 · Codesys Development System +1

Name of the Vulnerable Software and Affected Versions: Pilz PMC programming tool versions 3.x through 3.5.16 Description: A security issue allows an attacker to change a user's password without knowing the current password. This is possible in the Pilz PMC programming tool, which is based on the...

7.5 CVSS · 7.5 AI score · 0.0014 EPSS
Exploits 0 · References 4
CNNVD
added 2022/11/04 12:0 a.m. · 1 views

Stiltsoft Handy Macros Cross-Site Scripting Vulnerability

Stiltsoft Handy Macros is a powerful set of macros from Stiltsoft Inc. It is used to create interactive Confluence content. A security vulnerability exists in Stiltsoft Handy Macros version 3.x through versions prior to 3.5.5. An attacker could exploit this vulnerability to inject arbitrary HTML ...

8.9 CVSS · 6 AI score · 0.00363 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/07/05 12:0 a.m. · 2 views

PT-2022-20959 · Unknown · Newsletter Module

Name of the Vulnerable Software and Affected Versions: Newsletter Module versions 3.x Description: The issue is related to a SQL injection vulnerability. It can be exploited via the zemez newsletter email parameter at the "/index.php" API endpoint. Recommendations: For Newsletter Module version...

9.8 CVSS · 9.6 AI score · 0.00307 EPSS
Exploits 1 · References 6
Github Security Blog
added 2022/05/14 1:10 a.m. · 21 views

Silverstripe Framework SQLi Vulnerability

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject...

9.8 CVSS · 7.9 AI score · 0.00322 EPSS
Exploits 0 · References 6 · Affected Software 1
CNNVD
added 2022/03/11 12:0 a.m. · 1 views

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager 3.x through 3.37.0. A remote attacker sending a specially...

4.3 CVSS · 4.9 AI score · 0.00289 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/01/02 12:0 a.m. · 2 views

PT-2022-4819

Name of the Vulnerable Software and Affected Versions: Blender versions 2.93.8 through 3.x Description: The issue is related to a missing bounds check in the image loader, leading to out-of-bounds heap access. This allows an attacker to cause denial of service, memory corruption, or potentially cod...

7.8 CVSS · 7.4 AI score · 0.00468 EPSS
Exploits 0 · References 34
Prion
added 2021/12/21 6:15 p.m. · 10 views

Command injection

Mesa Labs AmegaView Versions 3.0 and prior have a command injection vulnerability that can be exploited to execute commands in the web server...

6.5 CVSS · 9.3 AI score · 0.01084 EPSS
Exploits 0 · References 1 · Affected Software 1