24 matches found
@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)
@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16755118...
1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +246 more potentially affected by unknown CVE via @antv/g-plugin-dragndrop (>=2.0.0 <=2.1.1)
@antv/g-plugin-dragndrop NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.0.0, =1.0.0, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDRAGNDROP-16754940...
@antv/g-mobile-canvas (>=1.0.0 <=1.1.1), @antv/g-mobile-svg (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via @antv/g-plugin-gesture (>=2.0.0 <=2.1.1)
@antv/g-plugin-gesture NPM version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINGESTURE-16754438...
CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...
Linux Distros Unpatched Vulnerability : CVE-2026-32711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted...
WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...
CVE-2025-59932
Summary: CVE-2025-59932 affects Flag Forge (FlagForgeCTF). From versions 2.0.0 up to before 2.3.1, the /api/resources endpoint allowed POST and DELETE requests without proper authentication or authorization, enabling unauthorized users to create, modify, or delete resources. The issue has been fi...
WordPress Comment Form WP – Customize Default Comment Form plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Bao - BlueRock in WordPress Plugin Comment Form WP Customize Default Comment Form versions = 2.0.1...
WordPress plugin Flatty 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress plugin Wr Age Verification SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin JS Job Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +205 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)
http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...
PT-2024-39845 · Zowe · Zowe
Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...
be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.1.RELEASE), be.personify.iam:personify-frontend (=1.5.1.RELEASE) +51 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=2.0.0 <=2.0.4)
org.springframework.hateoas:spring-hateoas MAVEN version =2.0.0, =1.5.0.RELEASE, =1.5.0.RELEASE, =0.2.6, =1.6.9, =1.0, =1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.4 - com.wizzdi:FlexiCore =7.0.0 and more Source cves: CVE-2023-34036 Source advisory: OSV:GHSA-7M5C-FGWF-MWPH...
@accordproject/concerto-vocabulary (>=1.2.2-20211215122352 <=3.7.1-20230510093225), @adobe/create-franklin-service (>=3.0.0 <=3.0.20) +338 more potentially affected by CVE-2023-2251 via yaml (>=2.0.0-5 <=2.2.1)
yaml NPM version =2.0.0-5, =1.2.2-20211215122352, =3.0.0, =2.1.42, =1.1.5, =14.6.15, =1.11.39, =9.0.0, =2.0.0, =2.0.0, =0.0.1-AHG-001, =0.0.1-AHG-001, =0.0.2, =1.1.2, =1.1.2, =1.1.4 and more Source cves: CVE-2023-2251 Source advisory: OSV:GHSA-F9XV-Q969-PQX4...
be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.0), be.zvz:KotlinInside (>=1.14.1 <=1.14.2) +326 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=2.0.0 <=2.3.0)
org.apache.tika:tika-core MAVEN version =2.0.0, =1.2.0, =1.14.1, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.9.14, =1.9.14, =21.2.0, =2.2, =2.2, =2.2, =2.2, =2.2, =2.2, =2.4 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...
Wordpress plugin Yooslider Yoo Slider 跨站请求伪造漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in Wordpress plugin Yooslider Yoo Slider 2.0.0 and earlier, which can be exploited by attackers ...
CVE-2022-22108
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-44228 +1 more via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.11)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =3.14.0 - org.apache.cxf.karaf:apache-cxf =3.5.0 - org.apache.karaf.examples:karaf-docker-example-dynamic-dist =4.3.3 - org.apache.karaf.features:enterprise =4.3.3 ...
UBUNTU-CVE-2020-11086
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlmreadntlmv2clientchallenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0...