7 matches found
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
CVE-2026-39386
Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...
PT-2024-19700 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 2.9.1 a-blog cms versions 2.9.0 and earlier a-blog cms versions 2.10.x through 2.10.49 a-blog cms versions 2.11.x through 2.11.57 a-blog cms versions 3.0.x through 3.0.28 a-blog cms versions 3.1.x through 3.1.6...
Netatalk Security Vulnerabilities
Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk version 3.1.x through versions prior to 3.1.17. An attacker can exploit the vulnerability to remotely execute code...
DEBIAN-CVE-2022-39956
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
Smarty 代码注入漏洞
Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A code injection vulnerability exists in Smarty versions 3.1.x prior to 3.1.45 and 4.1.x prior to 4.1.1, which can be exploited by a remote attacker to send a specially crafted...
CVE-2013-0189
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service resource consumption via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or...