
27 matches found

vulnersOsv
added 2026/05/14 1:17 p.m. · 5 views

@avorati/strapi-plugin-preview (=1.0.1), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +139 more potentially affected by CVE-2026-27886 via @strapi/strapi (>=4.0.2 <=5.36.0)

@strapi/strapi NPM version =4.0.2, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.3.4, =1.4.3 and more Source cves: CVE-2026-27886 Source advisory: OSV:GHSA-RJG2-95X7-8QMX...

CVSS 9.2 · AI score 5.8 · EPSS 0.00054
Exploits 2

ATTACKERKB
added 2026/02/24 2:45 a.m. · 4 views

CVE-2026-27129

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the...

CVSS 7.1 · AI score 5.3 · EPSS 0.00016
Exploits 2 · References 4 · Affected Software 1

RedhatCVE
added 2026/02/11 1:33 a.m. · 4 views

CVE-2026-25498

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

CVSS 8.6 · AI score 6.2 · EPSS 0.0114
Exploits 2 · References 1

OSV
added 2026/01/15 10:41 p.m. · 3 views

GHSA-RWR8-XRPW-9QF5 solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

AI score 6.9
Exploits 0 · References 2

RedhatCVE
added 2025/12/10 2:23 p.m. · 3 views

CVE-2025-67472

Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita (meeting-scheduler-by-vcita) allows Cross-Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through = 4.5.5...

CVSS 8.8 · AI score 6.8 · EPSS 0.00016
Exploits 0 · References 1

EUVD
added 2025/10/22 7:38 p.m. · 3 views

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

CVSS 6.3 · AI score 6.4 · EPSS 0.00051
Exploits 0 · References 3

NVD
added 2025/10/02 10:15 a.m. · 2 views

CVE-2025-61734

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...

CVSS 7.5 · EPSS 0.00082
Exploits 0 · References 2

Positive Technologies
added 2025/08/25 12:0 a.m. · 4 views

PT-2025-34691 · Pixel & Tonic · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions 4.0.0-RC1 through 4.16.5; Craft versions 5.0.0-RC1 through 5.8.6. Description: Craft is a platform for creating digital experiences. A remote code execution issue exists due to Server-Side Template Injection (SSTI) in Twig...

CVSS 8.6 · AI score 7.5 · EPSS 0.00227
Exploits 0 · References 12

OSV
added 2025/03/11 6:15 p.m. · 1 views

CVE-2025-24440

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 6.3
Exploits 0 · References 1

Positive Technologies
added 2024/11/25 12:0 a.m. · 2 views

PT-2024-9572 · Ibm · Ibm Watson Speech Services Cartridge For Ibm Cloud Pak For Data

Name of the Vulnerable Software and Affected Versions: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data versions 4.0.0 through 5.0.2 Description: The issue is caused by synchronization errors when using a shared resource, potentially allowing a remote attacker to cause a denial of...

CVSS 7.8 · AI score 7 · EPSS 0.00047
Exploits 0 · References 7

Positive Technologies
added 2024/08/10 12:0 a.m. · 2 views

PT-2024-19112 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 4.x through 5.x Description: The issue is related to inadequate encryption strength, allowing an authenticated attacker to execute arbitrary OS commands via encrypted package upload. Recommendations: For Envoy versions 4.x...

CVSS 8.6 · AI score 7.6 · EPSS 0.00041
Exploits 0 · References 6

Positive Technologies
added 2022/12/27 12:0 a.m. · 3 views

PT-2022-28080 · Unknown · Dolibarr Project Timesheet

Name of the Vulnerable Software and Affected Versions: dolibarr project timesheet versions up to 4.5.5 Description: A vulnerability was found in the Form Handler component, leading to cross-site request forgery. The attack can be initiated remotely. Recommendations: For versions up to 4.5.5,...

CVSS 6.5 · AI score 7 · EPSS 0.00147
Exploits 0 · References 9

CNNVD
added 2022/12/09 12:0 a.m. · 9 views

Bluetooth Core Specification security vulnerability

The Bluetooth Core Specification is a specification that defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group (SIG) and regularly updated and enhanced by the Bluetooth...

CVSS 7.5 · AI score 7.2 · EPSS 0.00246
Exploits 0 · References 3

OSV
added 2021/08/18 6:15 a.m. · 0 views

CVE-2021-20774

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVSS 5.4 · AI score 6.2
Exploits 0 · References 2

CNVD
added 2020/07/28 12:0 a.m. · 1 views

SilverStripe has an unspecified vulnerability (CNVD-2020-44911)

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. A security vulnerability exists in SilverStripe 4.5 and previous versions; attackers can use...

CVSS 8.8 · AI score 7.2 · EPSS 0.00727
Exploits 0 · References 1

Gitee
added 2020/02/18 11:56 p.m. · 2 views

Exploit for Improper Authentication in Eclipse Mosquitto

PoC exploit for CVE-2017-7650, Redis 4.x/5.x RCE. The target product/service is Redis, a key-value store, and the vulnerability class/vector is Remote Code Execution (RCE). The probable entry point is the RedisModules module, and the execution context is a Python script, redis-rce.py, invoked via CLI...

CVSS 6.5 · AI score 7.5 · EPSS 0.03992
Exploits 2

CNVD
added 2019/10/24 12:0 a.m. · 2 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-38071)

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and earlier versions, which...

CVSS 6.1 · AI score 6.4 · EPSS 0.00328
Exploits 0 · References 1

Positive Technologies
added 2019/10/21 12:0 a.m. · 3 views

PT-2019-14907 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue in FusionPBX allows unauthorized access to download files due to an unsanitized variable f coming from the URL in the file resourcesdownload.php. This enables an attacker to download an...

CVSS 6.5 · AI score 6.3 · EPSS 0.00485
Exploits 0 · References 5

ATTACKERKB
added 2018/10/17 6:29 p.m. · 1 views

CVE-2018-12820

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure...

CVSS 7.5 · AI score 8.3 · EPSS 0.03456
Exploits 0 · References 3

CNVD
added 2018/04/17 12:0 a.m. · 3 views

Hashicorp vagrant-vmware-fusion elevation of privilege vulnerability

Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in Hashicorp vagrant-vmware-fusion versions 4.0.25 through 5.0.4. An attacker can exploit the vulnerability to...

CVSS 7.8 · AI score 6.9 · EPSS 0.00047
Exploits 1 · References 1