26 matches found
PT-2026-33777
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.4 Description A Server-Side Request Forgery SSRF issue exists in the Glances IP plugin due to improper validation of the public api configuration parameter. The value of public api is passed directly to the urlope...
PT-2026-33776
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.4 Description The web server exposes a REST API endpoint '/api/4/' that is accessible without authentication. Due to a permissive Cross-Origin Resource Sharing CORS policy, specifically the...
CVE-2025-14552
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-14552
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2026-1428
Name of the Vulnerable Software and Affected Versions MediaPress plugin for WordPress versions up to and including 1.6.1 Description The MediaPress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mpp-uploader shortcode. This is due to inadequate input sanitization a...
@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1689 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)
valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.0.2-beta.0, =0.1.1-beta.1, =0.2.0 and more Source cves: CVE-2025-66020 Source advisory: SNYK:JS-VALIBOT-14122017...
EUVD-2017-3112
Malware in sbrugna...
EUVD-2023-32220
Malicious code in bioql PyPI...
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address...
Apache Doris Command Execution Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a command execution vulnerability that originates from an unchecked jdbc driver file used by the jdbc directory, whic...
Apache Doris Security Bypass Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...
CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address...
Memory corruption
Memory corruption in MPP performance while accessing DSM watermark using external memory address...
CVE-2023-28550
CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...
CVE-2023-28550 Improper Restriction of Operations within the Bounds of a Memory Buffer in MPP Performance
Memory corruption in MPP performance while accessing DSM watermark using external memory address...
CVE-2017-11494
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...
CVE-2017-11494
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...
Sql injection
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...
CVE-2017-11494
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action...