CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

CVE-2026-10803

MLflow up to 3.10.0 contains a flaw in mlflow.data.digest_utils (Digest Computation) where manipulation leads to use of a weak hash. This affects the Digest Utils function in the Dataset Digest Computation component and enables a local attack. The reported exploitability is high in complexity wit...

CVE-2025-10803

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the...

CVE-2025-10803

creationtimestamp| type| source ---|---|--- 2025-09-22 15:55:48+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115248761881996926...

RHEL 9 : bzip2 (RHSA-2024:10803)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10803 advisory. The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as...

WordPress MP3 Sticky Player Plugin <= 8.0 is vulnerable to Path Traversal

Software MP3 Sticky Player Type Plugin Vulnerable versions = 8.0 Fixed in 8.1 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2024-10803 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f73c5492a133 Credits Tonn Required privilege...

CVE-2024-10803

CVE-2024-10803 – MP3 Sticky Player (WordPress) vulnerability : All versions up to and including 8.0 are vulnerable to Directory Traversal via content/downloader.php, allowing unauthenticated attackers to read arbitrary server files. This matches the assessment from Patchstack/Wordfence indicating...

CVE-2024-10803 MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download

The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

CVE-2024-10803 MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download

The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

Mageia: Security Advisory (MGASA-2020-0150)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4639-1: phpMyAdmin vulnerabilities

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...

openSUSE Security Update : phpMyAdmin (openSUSE-2020-1806)

This update for phpMyAdmin fixes the following issues : phpMyAdmin was updated to 4.9.7 boo1177842 : - Fix two factor authentication that was broken in 4.9.6 - Fix incompatibilities with older PHP versions Update to 4.9.6 : - Fixed XSS relating to the transformation feature boo1177561...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2020:1806-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-10803

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results in tblgetfield.php and libraries/classes/Display/Results.php. The attacker must be able to insert...

CVE-2020-10803

CVE-2020-10803 affects phpMyAdmin 4.x prior to 4.9.5 and 5.x prior to 5.0.2. The vulnerability is a SQL injection in which crafted data inserted into certain database tables can be retrieved (e.g., via Browse) to trigger an XSS attack in the output (tbl_get_field.php and libraries/classes/Display...

SQL injection relating to data display

PMASA-2020-4 Announcement-ID: PMASA-2020-4 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to data display Description An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attac...

CVE-2019-10803

creationtimestamp| type| source ---|---|--- 2020-02-29 00:33:04+00:00| seen| https://t.me/cibsecurity/10188...

CVE-2019-10803

push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...

CVE-2019-10803

CVE-2019-10803 affects push-dir up to version 0.4.1, enabling OS command injection via unsafely passed argument opt.branch to the git command in index.js (line ~139). Connected sources (Red Hat, OSV, Snyk, Veracode, GHSA) consistently describe arbitrary command execution stemming from lack of val...

@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)

push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...