53 matches found
GitLab 18.8 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-4868)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-4868 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2026-1402
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...
React Server Components are Vulnerable to RCE
Impact: There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack. Patche...
EUVD-2020-20094
Malware in sbrugna...
EUVD-2021-12178
Malware in sbrugna...
EUVD-2022-47165
Malicious code in bioql PyPI...
Adobe InCopy < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-79)
The version of Adobe InCopy installed on the remote host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-79 advisory. - InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability...
Adobe InDesign Multiple Vulnerabilities (APSB23-55) - Windows
Adobe InDesign is prone to multiple vulnerabilities.
WordPress plugin T1 security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-12650 · WordPress · T1 Wordpress Theme
Name of the Vulnerable Software and Affected Versions: T1 WordPress theme versions through 19.0 Description: The issue allows for unauthenticated open redirect, enabling any attacker to redirect users to arbitrary websites. Recommendations: For T1 WordPress theme versions through 19.0, update to ...
Null pointer dereference
Adobe InDesign versions 19.0 and earlier and 17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requir...
WordPress Client Invoicing by Sprout Invoices Plugin <= 19.0 is vulnerable to Cross Site Scripting (XSS)
Software: Client Invoicing by Sprout Invoices; Type: Plugin; Vulnerable versions: <= 19.0; Fixed in: 19.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 631ad2b39f71; Credits: Rafie Muhammad...
PT-2022-24250 · F Secure · F-Secure Safe Browser
Name of the Vulnerable Software and Affected Versions: F-Secure SAFE Browser versions prior to 19.0 Description: A Drag and Drop spoof vulnerability was discovered, allowing a spoofing of the address bar when a user performs a drag and drop operation on the address bar. Recommendations: For...
PHP Point of Sale Code Issue Vulnerability
PHP Point of Sale is an online point of sale system for small retail businesses by PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale LLC version 19.0 that stems from the application's susceptibility to a server-side request forgery attack that allows a back-end server t...
PHP Point of Sale Security Vulnerability
PHP Point of Sale is an online point of sale system for small retail businesses by PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale LLC version 19.0, which stems from the application retrieving information about each account within the system by interacting with an...
PT-2022-4853
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v19.0 MR1 Description: A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows a remote attacker to execute code. The vulnerability is being actively exploited by hackers in...
CVE-2022-1807
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1...
Dell EMC Data Protection Advisor Cross-Site Scripting Vulnerability
Dell EMC Data Protection Advisor is a data protection management solution from Dell. The product supports features such as data backup, data recovery and data replication management. Dell EMC Data Protection Advisor: A cross-site scripting vulnerability exists in versions 19.0 through 19.6,...
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...