392 matches found
Osclass Security Advisory 3.4.1 - Local File Inclusion
A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php. id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo...
CVE-2026-45738
CVE-2026-45738 : Argo CD contains a Stored XSS in link.argocd.argoproj.io/* annotations that can be rendered as anchor href values in the Summary tab, enabling javascript: execution for a higher-privileged user in the origin session when there is application write access. This is fixed in Argo CD...
CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...
CVE-2026-15738
The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...
WordPress Vitepos plugin <= 3.4.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin Vitepos versions = 3.4.2...
EUVD-2026-39369
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
CVE-2026-54841
CVE-2026-54841 affects WordPress Vitepos plugin versions
PT-2026-51686
Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
EUVD-2026-37584
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
EUVD-2026-37582
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
EUVD-2026-37581
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
EUVD-2026-37583
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-42357
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
CVE-2026-41280
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967
The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...