CVE-2021-47980

Fuel CMS 1.4.13 is affected by a blind SQL injection via the col parameter in the Activity Log interface. Authenticated attackers can craft requests to the logs endpoint with malicious SQL payloads in col to influence database queries and infer data based on response-time delays. The provided doc...

CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-41195

In mosparo, a vulnerability exists prior to version 1.4.13 where a project member with the editor role can abuse the automatic rule package source URL feature to store an attacker-controlled URL that the server fetches. The server follows HTTP/HTTPS redirects and does not restrict private or loop...

PT-2026-40450

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

EUVD-2018-21816

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

CVE-2018-25296 P10 Central Management Software 1.4.13 Denial of Service

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

PT-2026-35266

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

Ambient P10 Central Management Software 安全漏洞

Ambient P10 Central Management Software is a management software developed by the American company Ambient, designed for centralized management and monitoring of the operating status of devices and systems. Version 1.4.13 of Ambient P10 Central Management Software contains a security vulnerabilit...

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress plugin Form Vibes – Database Manager for Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

PT-2025-52682

Name of the Vulnerable Software and Affected Versions LSC Smart Connect Indoor IP Camera version 1.4.13 Description The LSC Smart Connect Indoor IP Camera version 1.4.13 contains a remote code execution issue in the start app.sh script. Recommendations At the moment, there is no information about...

LSC Smart Connect Indoor IP Camera 安全漏洞

LSC Smart Connect Indoor IP Camera is an indoor IP camera driver from LSC Smart Connect. A security vulnerability exists in LSC Smart Connect Indoor IP Camera version 1.4.13, which stems from a remote code execution vulnerability in startapp.sh...

CVE-2025-65817

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

SUSE CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

Fedora 42 : open62541 (2025-c2afaee8fe)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c2afaee8fe advisory. Changes in v1.4.13: server: Cover edge-case in the EventFilter validation client: Cover edge-case in the UserTokenPolicy validation arch: Process delayed...