22 matches found
CVE-2026-23489
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489
CVE-2026-23489 affects the GLPI plugin Fields . Prior to version 1.23.3, it allows arbitrary PHP code execution by users who can create dropdowns, via the dropdown generation process. The issue has been fixed in version 1.23.3 . Exploitation details are not provided in the available documents; no...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
EUVD-2026-12456
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
Fields GLPI plugin 输入验证错误漏洞
The Fields GLPI plugin is an open-source plugin developed by GLPI Project Plugins. Versions of the Fields GLPI plugin prior to 1.23.3 had a vulnerability related to input validation errors. This vulnerability stemmed from allowing users who can create drop-down lists to execute arbitrary PHP code...
PT-2026-25776
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
EUVD-2023-2738
Malicious code in bioql PyPI...
Session fixation
Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...
PT-2023-29233 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.3 Description: The issue allows attackers with access to a user's device to gain persistent account access due to missing verification of Session Tokens after password changes and/or elapsed inactivity...
WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control
Software Forminator Type Plugin Vulnerable versions = 1.22.1 Fixed in 1.23.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer WPMU DEV PSID 38229dd9fbd0 Credits Unknown Required privilege Subscriber...
EDocman, 1.23.3, XSS (Cross Site Scripting)
developer update https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...
Joomla EDocman 1.23.3 Cross Site Scripting Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Ossolution Team │ │ Software :...
PT-2022-3098 · Cri-O +7 · Cri-O +7
Name of the Vulnerable Software and Affected Versions: CRI-O versions prior to 1.24.1 CRI-O versions prior to 1.23.3 CRI-O versions prior to 1.22.5 CRI-O versions prior to v1.21.8 CRI-O versions prior to v1.20.8 CRI-O versions prior to v1.19.7 Description: A vulnerability in CRI-O causes memory o...
PT-2020-15478 · Jenkins · Jenkins Blue Ocean Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.23.2 and earlier Description: The issue concerns an undocumented feature flag that allows an attacker with specific permissions to read arbitrary files on the Jenkins controller file system. The flag...
PT-2020-15479 · Jenkins · Jenkins Blue Ocean Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.23.2 and earlier Description: A missing permission check in the Jenkins Blue Ocean Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. The HTTP request itself is...
Phpclanwebsite <= 1.23.3 Fix Pack #5 Multiple Remote Vulnerabilities
No description provided by source. Phpclanwebsite = 1.23.3 Fix Pack 5 File Including/SQL/XSS Multiple Remote Vulnerabilities The description: The set vulnerability in CMS Phpclanwebsite versions 1.23.3 Fix Pack 5 and more low was revealed. 1. Multiple File Including Vulnerabilities Vulnerability...
CVE-2008-3881
Multiple cross-site scripting XSS vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zmhtmlview.php" files...