CVE-2025-48977
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...
Netatalk security vulnerability
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a confusion between UCS-2 typ...
CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
CVE-2026-28512 Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...
WordPress plugin Penci AI SmartContent Creator security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-65471
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-64323
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...
CVE-2025-57393
CVE-2025-57393 is a stored cross-site scripting (XSS) vulnerability in Kissflow Work Platform. Affected: Kissflow Application versions 2.0 through 4.2. Root cause: injection of a crafted payload enabling execution of arbitrary web scripts/HTML. Impact: high (confidentiality, integrity, and availa...
PT-2025-37103
Name of the Vulnerable Software and Affected Versions: 299ko versions up to 2.0.0 Description: A weakness exists in 299ko due to path traversal in the getSentDir/delete function of the plugin/filemanager/controllers/FileManagerAPIController.php file. This issue is remotely exploitable, and the...
PT-2025-36164
Name of the Vulnerable Software and Affected Versions: Habibur Rahman Comment Form WP – Customize Default Comment Form versions through 2.0.0 Description: The software contains a cross-site scripting XSS issue due to improper neutralization of input during web page generation. This allows for...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-33082 · Traq · Traq
Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...
au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +874 more potentially affected by CVE-2025-27553 via org.apache.commons:commons-vfs2 (>=2.0 <=2.1)
org.apache.commons:commons-vfs2 MAVEN version =2.0, =0.0.4, =1.0.0, =1.0.0, =3.6.1, =3.11.0, =1.0-alpha-1, =1.0-alpha-1, =0.5, =0.5.1 and more Source cves: CVE-2025-27553 Source advisory: OSV:GHSA-9Q4X-FR4M-JP86...
WordPress IE CSS3 Support Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin IE CSS3 Support versions <= 2.0.1...
IBM Planning Analytics code issue vulnerability
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting, and analysis. A code issue vulnerability exists in IBM Planning Analytics versions 2.0...
WordPress plugin PayForm cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site request...
WordPress Slick Sitemap plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Slick Sitemap versions <= 2.0.0...
WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin LGPD Framework versions <= 2.0.2...
WordPress Increase upload file size & Maximum Execution Time limit plugin <= 2.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Increase upload file size & Maximum Execution Time limit versions <= 2.0...
UBUNTU-CVE-2024-5741
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 EOL...