Velociraptor 安全漏洞

Velociraptor is an open-source tool developed by Velocidex, designed for querying and collecting host-based status information using the Velociraptor Query Language VQL. Versions of Velociraptor prior to 0.76.4 contained security vulnerabilities. These vulnerabilities were due to a...

CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter in all versions up to, and including, 1.7.1049 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...

chromium-browser: WebAPI Bypass

extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...