17 matches found
CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior
Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...
EUVD-2023-23476
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against...
phpMyAdmin cross-site scripting vulnerability
phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin version 5.x up...
phpMyAdmin cross-site scripting vulnerability
phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin version 5.x up...
Contao security vulnerability
Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from a cookie mark...
Linux kernel use-after-free vulnerability (CNVD-2020-08114)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. Linux kernel versions 4.14 longterm through 4.14.165, 4.19 longterm through 4.19.96, and 5.x versions prior to 5.2 have a use-after-free vulnerability in the...
Open redirect
Drupal versions 5.x and 6.x have open redirection...
CVE-2010-2471
Drupal versions 5.x and 6.x have open redirection...
UBUNTU-CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...
Linux kernel information disclosure vulnerability (CNVD-2019-23988)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel versions 4.1 through 4.x and 5.x prior to 5.0.8. The vulnerability arises from errors such as...
Panasonic FPWIN Pro Vulnerabilities
OVERVIEW: NCCIC/ICS-CERT received a report from Trend Micro’s Zero Day Initiative (ZDI) concerning buffer overflow vulnerabilities in Panasonic FPWIN Pro software. These vulnerabilities were reported to ZDI by security researcher Steven Seeley. Panasonic has produced a new version to mitigate these...
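Movable Type Rich Text Editor script injection vulnerability
Movable Type is a web-based blogging system. Input entered through web pages is not filtered before it is displayed in the rich text editor. When the malicious data is viewed, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in the user's browser session in the context of the affected site. The following products and versions are vulnerable: Movable Type Pro version 6.0 Movable Type Pro versions 5.2.x, 5.1x, and 5.0x Movable Type Open Source MTOS versions 5.2.x, 5.1x, and 5.0x Movable Type Advanced / Movable Type...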
JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting
HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact: An arbitrary script may be executed on the user's Internet Explorer. Solution: Update the Software. Update the...
PT-2009-4536 · Drupal · Taxonomy Manager
Name of the Vulnerable Software and Affected Versions: Taxonomy manager versions 5.x before 5.x-1.2. Description: A cross-site scripting (XSS) issue exists in the term data detail page of the Taxonomy manager module for Drupal. This allows remote authenticated users with specific privileges to injec...
CVE-2008-4791
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors...
CVE-2008-2773
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...