33 matches found
CVE-2025-32966
CVE-2025-32966 affects DataEase, an open-source BI tool. The vulnerability allows authenticated users to achieve remote code execution through the backend JDBC link in versions before 2.10.8. A fix is available in 2.10.8, addressing the RCE vector. Multiple connected sources (Red Hat, NVD, CVE li...
CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution
DataEase is an open-source BI tool and an alternative to Tableau. Prior to version 2.10.8, authenticated users can achieve RCE through the backend JDBC link. This issue has been patched in version 2.10.8...
CVE-2024-24843
Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8...
PT-2024-15674
Name of the Vulnerable Software and Affected Versions: The Simple Job Board plugin for WordPress versions up to, and including, 2.10.8. Description: The issue allows unauthorized access to data due to insufficient authorization checking on the fetch quick job function. This makes it possible for...
OESA-2022-1577 obs-server security update
Security Fixes: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Servi...
Design/Logic Flaw
Latte is an open source template engine for PHP. Since version 2.8.0, Latte has included a template sandbox, and in affected versions a sandbox escape exists that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
GHSA-663J-RJCR-789F CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
Shuup Cross-Site Scripting Vulnerability
Shuup is an open source e-commerce platform based on Django and Python from Shuup Inc. in the United States. A cross-site scripting vulnerability exists in Shuup versions 1.6.0 through 2.10.8 that allows execution of arbitrary JavaScript code in the victim's browser...
PYSEC-2021-355
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
Shuup Injection Vulnerability
Shuup is an open source e-commerce platform based on Django and Python from Shuup, Inc. Shuup suffers from an injection vulnerability that stems from a formula injection vulnerability affecting Shuup applications in versions 0.4.2 through 2.10.8. A customer can inject a payload into the name inpu...
DEBIAN-CVE-2020-8031
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
UBUNTU-CVE-2020-8031
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
CVE-2020-8031
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
CVE-2020-8031 obs: Stored XSS
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
Denial Of Service (DoS)
Pidgin is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences...
phpList <= 2.10.8 - Local File Inclusion Vulnerability
No description provided by source...
openSUSE Security Update : pidgin / pidgin-branding-openSUSE (openSUSE-SU-2014:0239-1)
Update to version 2.10.8 (bnc#861019): + General: Python build scripts and example plugins are now compatible with Python 3 (pidgin.im#15624). + libpurple: - Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server (CVE-2013-6484). - Fix potential crash parsing a...
KLA10433 Multiple vulnerabilities in Pidgin
Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary programs and other unknown impact. Below is a complete list of vulnerabilities: 1. Improper traffic restrictions can be exploited remotely via...
Pidgin Multiple Vulnerabilities (Feb 2014) - Windows
Pidgin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pidgin:pidgin"; ifdescription...
CVE-2012-6152
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences...