22 matches found
EUVD-2024-52234
Malicious code in bioql PyPI...
CVE-2025-24672
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection. This issue affects Form Builder CP: from n/a through <= 1.2.41...
WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Form Builder CP versions <= 1.2.41...
PT-2025-5492 · Codepeople · Codepeople Form Builder Cp
Name of the Vulnerable Software and Affected Versions: CodePeople Form Builder CP versions n/a through 1.2.41 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
WordPress plugin Form Builder CP SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Form Builder CP SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin For...
PT-2025-2243 · WordPress · Form Builder
Name of the Vulnerable Software and Affected Versions: Form Builder CP plugin for WordPress versions up to and including 1.2.41 Description: The issue is related to SQL Injection via the id parameter of the "CP EASY FORM WILL APPEAR HERE" shortcode. This is due to insufficient escaping on the...
DEBIAN-CVE-2024-54001
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input which is reflected...
CVE-2024-54001
CVE-2024-54001 affects Kanboard: HTML can be injected via settings fields application_language, application_date_format, application_timezone, and application_time_format, reflected to users and potentially executed as XSS if input contains JavaScript that bypasses CSP. Root cause is unescaped us...
PT-2024-36008 · Kanboard +1 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.41 Description: Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application...
OPENSUSE-SU-2024:10488-1 apache2-mod_jk-1.2.41-1.5 on GA media
These are all security issues fixed in the apache2-mod_jk-1.2.41-1.5 package on the GA media of openSUSE Tumbleweed...
PT-2024-22413 · Scalapay · Scalapay
Name of the Vulnerable Software and Affected Versions: Scalapay versions 1.2.41 and earlier Description: The issue allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess method. This is a SQL injection vulnerability. Recommendations: For Scalapay...
CVE-2024-28393
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess method...
SUSE CVE-2014-8111
Apache Tomcat Connectors mod_jk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...
VulnCheck KEV: CVE-2018-17207
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...
Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure
The version of Apache Tomcat JK Connector mod_jk installed on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple, adjacent slashes in requests. A remote attacker...
Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure
Based on the Server response header, the installation of the JK Connector mod_jk in Apache Tomcat listening on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple,...
Apache Tomcat Connectors Information Disclosure Vulnerability
Apache Tomcat is a free open source Java Servlet and JSP service program maintained by the Apache Foundation. An information disclosure vulnerability exists in Apache Tomcat Connectors versions prior to 1.2.41. It allows remote attackers to disclose restricted data via unspecified vectors...
CVE-2014-8111
Apache Tomcat Connectors mod_jk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...