14 matches found
GHSA-4948-F92Q-F432 @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...
CVE-2025-62380
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380
Mailgen (Node.js) versions up to 2.0.31 expose an HTML injection/XSS risk in plaintext output generated by generatePlaintext. The plaintext cleaning code strips HTML tags with a regex, decodes HTML entities, and then replaces decoded content; however, HTML tags containing certain Unicode line sep...
EUVD-2025-34141
The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2025-8836 affecting package jasper for versions less than 2.0.32-5
CVE-2025-8836 affecting package jasper for versions less than 2.0.32-5. A patched version of the package is available...
AZL-66198 CVE-2025-8837 affecting package jasper for versions less than 2.0.32-5
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...
WordPress Extensions for Elementor plugin <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via EE Events and EE Flipbox Widget vulnerability discovered by stealthcopter in WordPress Plugin Extensions for Elementor versions = 2.0.32...
RHCOS 4 : OpenShift Container Platform 4.13.25 (RHSA-2023:7606)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7606 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...
Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...
CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2
CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-3467 affecting package jasper for versions less than 2.0.32-2
CVE-2021-3467 affecting package jasper for versions less than 2.0.32-2. An upgraded version of the package is available that resolves this issue...
Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 Metadata =================================================== Release Date: 29-Jun-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: Securepoint SSL VPN Client Fixed in: version 2.0.32 Tested on: Windows 10 x64...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability
Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...
Gentoo Security Advisory GLSA 200411-08 (GD)
The remote host is missing updates announced in advisory GLSA 200411-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...