16 matches found
CVE-2026-33869
Mastodon vulnerability CVE-2026-33869 affects the 4.5.x branch (before 4.5.8) and the 4.4.x branch (before 4.4.15). An attacker who knows of a quote before it reaches a server can cause the server to misprocess it, resulting in a denial of service for quote authorization. The issue does not affec...
PT-2026-28542
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.5.0 through 4.5.7; Mastodon versions 4.4.0 through 4.4.14. Description: Mastodon is a free, open-source social network server based on ActivityPub. An attacker who is aware of a quote before it has reached a server can prevent...
Moodle Prompt Injection Vulnerability (MSA-25-0053)
Moodle is prone to a prompt injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:moodle:moodle"; ifdescriptio...
CVE-2024-31259
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5...
CVE-2024-11145
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5...
CVE-2024-4425 Storing credentials in plaintext in CemiPark
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain text. An attacker who gained unauthorized access to the device can retrieve clear-text passwords used by the system. This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vend...
CVE-2024-4425 Storing credentials in plaintext in CemiPark
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain text. An attacker who gained unauthorized access to the device can retrieve clear-text passwords used by the system. This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vend...
PT-2024-31058 · Cemipark · Cemipark
Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5, 4.7, 5.03 Description: The access control in CemiPark software does not properly validate user-entered data, allowing for authentication bypass. An attacker with network access to the login panel can log in wit...
HGiga iSherlock Path Traversal Vulnerability
HGiga iSherlock is a series of software products from China's Henderson Technology HGiga. A path traversal vulnerability exists in HGiga iSherlock. An attacker can exploit this vulnerability to download arbitrary system files...
SUSE CVE-2017-15591
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers who control a stub domain kernel or tool stack to cause a denial of service (host OS crash) because of a missing comparison of range start to range end within the DMOP map/unmap implementation...
CVE-2022-41296
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210...
GHSA-P9WG-JVJ4-CX26 Typo3 Install Tool XSS Vulnerability
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
HPE OpenCall Media Platform Cross-Site Scripting Vulnerability (CNVD-2020-42023)
HPE OpenCall Media Platform (OCMP) is a voice and video server and media resource platform from Hewlett Packard Enterprise (HPE), USA. The platform is primarily used for developing and deploying messaging, portal and interactive services. A cross-site scripting vulnerability...
Mercurial Protocol Server Access Control Error Vulnerability
Mercurial is a cross-platform distributed version control system written in Python, developed by software developer Matt Mackall. The software supports simultaneous processing of plain text and binary files, etc. Protocol server is one of its protocol servers. An access control error...
CVE-2016-2957
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response...
UBUNTU-CVE-2012-1607
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...