38448 matches found
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the bnModInverse function in ext/jsbn2.js, which could cause infinite loops when processing zero or negative...
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from zero-division errors in the parsing and reduction logic of ext/rsa.js and ext/jsbn.js, which could lead to RSA...
PHPGurukul Vehicle Record Management System 安全漏洞
PHPGurukul Vehicle Record Management System is a vehicle record management system developed by PHPGurukul Corporation. Version 1.0 of the PHPGurukul Vehicle Record Management System contains a security vulnerability. This vulnerability arises from improper cleaning of the brandname parameter in t...
PT-2026-27059
Name of the Vulnerable Software and Affected Versions jsrsasign versions prior to 11.1.1 Description The jsrsasign package contains a flaw related to division by zero. This issue stems from the RSASetPublic/KEYUTIL parsing path within the 'ext/rsa.js' file and the BigInteger.modPowInt reduction...
Siemens SIMATIC S7-1500 Divide By Zero (CVE-2025-38312)
In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod In fbfindmodecvt, iff mode-refresh somehow happens to be 0x80000000, cvt.frefresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fbcvthperiod,...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the searchtxt...
ROS-20260323-73-0004
A vulnerability in the ptprate function of the Linux kernel is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
PHPGurukul Vehicle Record Management System 安全漏洞
PHPGurukul Vehicle Record Management System is a vehicle record management system developed by PHPGurukul Corporation. Version 1.0 of the Phpgurukul Vehicle Record Management System contains a security vulnerability. This vulnerability arises from improper handling of the Mobile Number parameter...
Code-Projects Exam Form Submission 代码注入漏洞
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter sname in the file admin/updates3.php, which may...
Advisory ROSA-SA-2026-3223
software: cups-filters 2.0.1 OS: ROSA-CHROME unaffected versions = cups-filters-2.0.1-1 affected versions cups-filters-2.0.1-1 CVE-ID: CVE-2025-64524 BDU-ID: 2026-03142 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CUPS Filters print package is related to an operation exceeding buffer boundarie...
CVE-2026-4542
CVE-2026-4542 affects SSCMS 4.7.0, specifically the LayerImage Endpoint’s LayerImageController.Submit.cs handling of the filePaths argument. The root cause is manipulation of filePaths leading to path traversal. Attack can be performed remotely; exploit maturity is PROOF-OF-CONCEPT. CVSS metrics ...
SUSE CVE-2026-23274
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...
Projectworlds Online Notes Sharing System 安全漏洞
Projectworlds Online Notes Sharing System is an online note-sharing system developed under the open-source Projectworlds framework. Version 1.0 of the Projectworlds Online Notes Sharing System contains a security vulnerability, which stems from incorrect handling of the User parameter in the...
Iperius Backup 安全漏洞
Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Version 6.1.0 of Iperius Backup contains a security vulnerability. This vulnerability stems from an issue with privilege escalation, which could allow low-privilege users to execute arbitrary programs by elevating...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...
EUVD-2026-14015
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...
CVE-2026-2501 Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-2501
CVE-2026-2501 : The Ed's Social Share WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s social_share shortcode in all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes. This enables auth...
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
CVE-2026-3331 Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update
The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...