26 matches found

NVD
added 2026/02/19 7:17 a.m., 4 views

CVE-2026-1055

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4 CVSS, 0.00038 EPSS
Exploits: 0, References: 6

CNNVD
added 2026/02/19 12:0 a.m., 3 views

WordPress plugin TalkJS cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4 CVSS, 5.6 AI score, 0.00038 EPSS
Exploits: 0, References: 6

Patchstack
added 2026/02/18 11:56 p.m., 2 views

WordPress TalkJS plugin <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability discovered by 0x34rth in WordPress Plugin TalkJS versions <= 0.1.15...

4.4 CVSS, 5.5 AI score, 0.00038 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/04/18 12:0 a.m., 2 views

sqlparse security vulnerability

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting and formatting SQL statements. A security vulnerability exists in sqlparse version 0.1.15 and later. An attacker could exploit this vulnerability to cause a denial of service...

7.5 CVSS, 6.7 AI score, 0.01264 EPSS
Exploits: 0, References: 12

CNVD
added 2020/04/07 12:0 a.m., 1 views

heroku-addonpool command injection vulnerability

heroku-addonpool is a package for managing applications in Heroku. A command injection vulnerability exists in heroku-addonpool version 0.1.15 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands...

9.8 CVSS, 8.1 AI score, 0.03263 EPSS
Exploits: 1, References: 1

OSV
added 2020/04/06 1:15 p.m., 1 views

CVE-2020-7634

heroku-addonpool through 0.1.15 is vulnerable to Command Injection...

9.8 CVSS, 7.3 AI score, 0.03263 EPSS
Exploits: 1, References: 2

CNVD
added 2020/03/17 12:0 a.m., 1 views

closure-compiler-stream injection vulnerability

closure-compiler-stream is a stream interface to a closure compiler. A security vulnerability exists in closure-compiler-stream version 0.1.15 and earlier, which stems from the program failing to perform any cleanup operations on the user-controllable 'options' parameter. An attacker could use th...

9.8 CVSS, 7.4 AI score, 0.00426 EPSS
Exploits: 1, References: 1

OSV
added 2020/03/15 10:15 p.m., 2 views

CVE-2020-7603

closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...

9.8 CVSS, 7.5 AI score
Exploits: 0, References: 1

NVD
added 2019/07/25 7:15 p.m., 11 views

CVE-2019-1010127

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact eg. code execution or information disclosure. The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a...

7.8 CVSS, 7.8 AI score, 0.00627 EPSS
Exploits: 1, References: 2

OSV
added 2019/06/06 3:30 p.m., 1 views

GHSA-W7Q7-VJP8-7JV4 SQL Injection in typeorm

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 0.1.15...

9.8 CVSS, 6.1 AI score
Exploits: 0, References: 4

Github Security Blog
added 2019/06/06 3:30 p.m., 26 views

SQL Injection in typeorm

Versions of typeorm before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 0.1.15...

6.9 AI score
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2018/05/18 12:0 a.m., 2 views

VCFtools header::add_INFO_descriptor function information disclosure vulnerability

VCFtools is a package for working with VCF files. An information disclosure vulnerability exists in the header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15. A remote attacker can exploit this vulnerability via a specially crafted vcf file to cause an information disclosure...

5.5 CVSS, 6.1 AI score, 0.00418 EPSS
Exploits: 0, References: 1

CNVD
added 2018/05/18 12:0 a.m., 2 views

VCFtools header::add_FORMAT_descriptor function denial of service vulnerability

VCFtools is a package for working with VCF files. A denial of service vulnerability exists in the header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15. A remote attacker can exploit this vulnerability via a specially crafted vcf file to cause a denial of service reuse after relea...

7.8 CVSS, 7.6 AI score, 0.03131 EPSS
Exploits: 0, References: 1

CNVD
added 2018/05/18 12:0 a.m., 3 views

VCFtools header::add_INFO_descriptor function denial of service vulnerability

VCFtools is a package for working with VCF files. A denial of service vulnerability exists in the header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15. A remote attacker can exploit this vulnerability via a specially crafted vcf file to cause a denial of service reuse after release...

7.8 CVSS, 7.6 AI score, 0.00408 EPSS
Exploits: 0, References: 1

OSV
added 2018/05/17 7:29 p.m., 16 views

CVE-2018-11129

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file...

7.8 CVSS, 8.2 AI score
Exploits: 0, References: 3

OSV
added 2018/05/17 7:29 p.m., 1 views

DEBIAN-CVE-2018-11129

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file...

7.8 CVSS, 7.8 AI score, 0.00408 EPSS
Exploits: 0, References: 1

OSV
added 2018/05/17 7:29 p.m., 1 views

DEBIAN-CVE-2018-11130

The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file...

7.8 CVSS, 7.5 AI score, 0.03131 EPSS
Exploits: 0, References: 1

OSV
added 2018/05/17 7:29 p.m., 13 views

CVE-2018-11099

The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file...

5.5 CVSS, 6.1 AI score
Exploits: 0, References: 3

Debian CVE
added 2018/05/17 7:0 p.m., 26 views

CVE-2018-11130

The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file...

7.8 CVSS, 7.9 AI score, 0.03131 EPSS
Exploits: 0

NVD
added 2011/12/10 5:55 p.m., 12 views

CVE-2011-4349

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and a (a) device id, (b) property, or (c) profile id...

4.6 CVSS, 8 AI score, 0.00109 EPSS
Exploits: 0, References: 12