26 matches found
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
CVE-2026-32120
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...
EUVD-2026-8583
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...
PT-2026-21681
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description A sensitive data exposure issue exists in Apache Superset that allows authenticated users to retrieve sensitive user information. The '/api/v1/tag' API endpoint, when enabled, improperly...
CVE-2022-50938
The CVE-2022-50938 entry affects CONTPAQi AdminPAQ 14.0.0, describing an unquoted service path in the AppKeyLicenseServer service running as LocalSystem. This allows an attacker who can access the service startup to inject malicious code into the service binary path, potentially gaining arbitrary...
CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...
CVE-2022-29188
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
VSCode-Diana 安全漏洞
VSCode-Diana is a VSCode plugin that provides basic language support for DianaScript by the individual developer Taine Zhao. A security vulnerability exists in VSCode-Diana version 0.0.1, which stems from an injection issue in the Jinja2 template handling component in the file Gen.py...
WordPress plugin Posten 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-27552
CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...
MAL-2025-1746 Malicious code in business-kpi-manager-1.0.0 (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-22612
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...
Unspecified vulnerability in Tenda W9 (CNVD-2024-23316)
Tenda W9 is a wireless in-wall access point from Tenda, China. A security vulnerability exists in Tenda W9 version 1.0.0.74456, which stems from an incorrect operation of the parameter ssidIndex that can cause a stack-based buffer overflow. No details of the vulnerability are provided at this tim...
Checkmk 输入验证错误漏洞
Checkmk is an editor. Checkmk has a security vulnerability that stems from its incorrect input validation of LDAP user ids allowing an attacker who has control over the LDAP user id to manipulate files on the server. The following versions are affected: 2.1.0p19 and earlier, 2.0.0p32 and earlier,...
PT-2022-6694 · Schneider Electric · Ecostruxure Ev Charging Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure EV Charging Expert versions prior to V4.0.0.13 Description: A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin More From Google 0.0 .2 before the version o...
Error on unsupported architectures in raw-cpuid
nativecpuid::cpuidcount exposes the unsafe cpuidcount intrinsic from core::arch::x86 or core::arch::x8664 as a safe function, and uses it internally, without checking the safety requirement: The CPU the program is currently running on supports the function being called. CPUID is available in most...
CVE-2021-38152
index.php/appointment/insertpatientaddappointment in Chikitsa Patient Management System 2.0.0 allows XSS...
GHSA-3C6G-PVG8-GQW2 trentm/json vulnerable to command injection
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...