CVE-2026-48917
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...
CVE-2026-34981
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.get(url) with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
CVE-2020-37054
Navigate CMS 2.8.7 is affected by a cross-site request forgery that enables attackers to upload malicious extensions via the extension upload feature. The underlying issue allows an attacker to trick authenticated administrators into executing arbitrary file uploads through a crafted HTML page, u...
CVE-2018-25152
CVE-2018-25152 affects Ecessa Edge EV150 10.7.4. A cross-site request forgery allows unauthenticated attackers to add superuser accounts by crafting a page that submits to /cgi-bin/pl_web.cgi/util_configlogin_act. The connected sources confirm the vulnerable component, the endpoint, and the impac...
CVE-2025-64447
CVE-2025-64447 involves a cookie validation flaw in Fortinet FortiWeb. Affected products are FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, and 7.0.0–7.0.11. The root cause is insufficient validation and integrity checking of cookies, allowing an unauthenticated attacker to perfor...
CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec without validation...