22 matches found
CVE-2026-3953 Reflected XSS in Gosoft Software's Proticaret E-Commerce
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), specifically Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383...
EUVD-2026-25154
Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-34381
Admidio versions 5.0.0–5.0.7 rely on adm_my_files/.htaccess to deny direct access, but the Docker image uses AllowOverride None, so Apache ignores .htaccess. This allows unauthenticated HTTP access to uploaded documents if the path is known; the path is disclosed in the upload response JSON. The ...
CVE-2026-32818
Summary of CVE-2026-32818 (Admidio): In versions 5.0.0–5.0.6, the forum module fails to enforce authorization for topic and post deletions. The topic_delete and post_delete handlers in forum.php only validate CSRF tokens and do not verify the current user's permissions, allowing any authenticated ...
CVE-2026-25486
CVE-2026-25486: Craft Commerce (Craft CMS) versions 5.0.0–5.5.1 contain a stored XSS in the Shipping Methods Name field in Store Management, allowing an attacker with store settings/shipping permissions to execute malicious JavaScript in an administrator's browser. The issue is fixed in version ...
CVE-2025-68271 Unauthenticated Remote Code Execution in openc3-api
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...
CVE-2024-56143
Strapi 5.0.0–5.5.1 is vulnerable due to improper sanitization of the document service lookup operator for private fields, enabling an attacker to access sensitive data (e.g., admin passwords, reset tokens). The issue is fixed in Strapi 5.5.2. Affected software, root cause, and impact are corrobor...
Strapi Security Vulnerability
Strapi is an open source content management system (CMS) from the French Strapi community. A security vulnerability exists in Strapi versions 5.0.0 up to but not including 5.5.2; it stems from a lookup operation in the document service that does not properly sanitize the query parameters for private...
CVE-2025-8663
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.0.0 before 5.2.12...
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
CVE-2025-57757
Contao CMS vulnerability CVE-2025-57757: In Contao versions prior to 5.3.38 and 5.6.1, protected news archives in the news feed are not filtered, causing confidential items to appear in the RSS feed. This is patched in 5.3.38 and 5.6.1. Workaround: do not include protected archives in the feed. A...
PT-2025-34870 · Craft Cms · Craft Cms +1
Name of the Vulnerable Software and Affected Versions: Freeform versions 5.0.0 through 5.10.16 Description: The Freeform plugin for Craft CMS contains a Server-Side Template Injection (SSTI) vulnerability. This allows arbitrary code injection for users with permission to edit a form submission...
REDAXO Cross-Site Scripting Vulnerability
REDAXO is an open source content management system from the REDAXO project. A cross-site scripting vulnerability exists in REDAXO versions 5.0.0 through 5.18.2; it stems from the application being susceptible to reflected cross-site scripting attacks...
IBM Aspera Security Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol, from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Aspera versions 5.0.0 through 5.0.9, which an attacker can exploit to access packages and obtain...
PT-2024-12125 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.7 Description: The issue is related to missing API rate limiting, which could allow a user to cause a denial of service. Recommendations: For IBM Aspera Faspex versions 5.0.0 through 5.0.7, conside...
CVE-2022-48334
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drmverifykeys totallen+filenamelen integer overflow and resultant buffer overflow...
Widevine Input Validation Error Vulnerability
Widevine is a proprietary digital rights management (DRM) system from Widevine, Inc. An input validation error vulnerability exists in the Widevine Trustlet Application versions 5.0.0 through 7.1.1; it stems from an integer overflow that results in a buffer overflow...
Apache Solr Code Injection Vulnerability
Apache Solr is a search server from the Apache Software Foundation (USA) built on the Lucene full-text search engine. The product supports faceted search, vertical search, highlighting of search results, and more. A code injection vulnerability exists in Apache Solr versions 5.0.0...
PT-2019-16999 · Ibm · Ibm Spectrum Scale
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Scale versions 4.1.1 through 5.0.0 Description: A security issue has been identified that could allow sensitive data to be included with service snaps when the CES stack is enabled. Recommendations: For IBM Spectrum Scale version...
PHPMailer Information Disclosure Vulnerability
PHPMailer is a PHP class library for sending e-mail. A local information disclosure vulnerability exists in PHPMailer versions 5.0.0 through 5.2.22. An attacker can exploit this vulnerability to obtain sensitive information...