26 matches found
CVE-2026-61958
Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through = 3.0.17...
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
OrientDB 跨站请求伪造漏洞
OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a vulnerability related to cross-site request forgeing. This vulnerability stems from the lack of token verification at endpoints, which may lead to cross-site request forgeing attac...
OrientDB 跨站脚本漏洞
OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...
OrientDB 跨站脚本漏洞
OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the name parameter, which may lead to storage-based cross-site scripting attacks...
PT-2026-21318
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2025-54870
VTun-ng (virtual tunnel over TCP/IP) contains a vulnerability in versions 3.0.17 and earlier where failure to initialize encryption modules can cause a fallback to plaintext due to insufficient error handling. The issue was introduced in 3.0.12 and fixed in 3.0.18. Remediation: upgrade to 3.0.18 ...
VTun-ng 安全漏洞
vtun-ng is an application by Jan-Espen Oversand Individual Developer. A security vulnerability exists in VTun-ng 3.0.17 and earlier versions, which stems from a failure in the initialization of the cryptographic module that could lead to a plaintext transfer...
PT-2024-28229
Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.7.0 through 2.7.21 Spring Boot versions 3.0.0 through 3.0.16 Spring Boot versions 3.1.0 through 3.1.12 Spring Boot versions 3.2.0 through 3.2.8 Spring Boot versions 3.3.0 through 3.3.2 Description Applications that use...
org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)
org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...
WordPress Order Tracking plugin <= 3.0.16 - Authenticated Arbitrary Plugin Settings Update vulnerability
Authenticated Arbitrary Plugin Settings Update vulnerability discovered in WordPress Order Tracking plugin versions = 3.0.16. Solution Update the WordPress Order Tracking plugin to the latest available version at least 3.0.17...
@0x0c/nestjs-swagger (>=6.1.5 <=6.3.1), @1creator/backend (>=1.1.17 <=1.2.151) +1107 more potentially affected by unknown CVE via swagger-ui-dist (>=3.0.17 <=4.1.2)
swagger-ui-dist NPM version =3.0.17, =6.1.5, =1.1.17, =1.1.0-beta.1, =15.0.0, =0.1.0-alpha.1, =0.2.4, =1.2.0, =3.7.0, =1.0.0, =1.0.0, =1.0.0, =1.7.8, =2.2.2, =2.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...
Unspecified Vulnerability in CloudBees Jenkins Aqua Security Scanner Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Aqua Security Scanner Plugin is used in one o...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities
The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...
OrientDB 3.0.17 GA Community Edition XSS / CSRF
Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 GA Community Edition March 7th, 2019 Introduction OrientDB ...
Intel SSD Data Center Tool for Windows Elevation of Privilege Vulnerability
Intel SSD Data Center Tool for Windows is a Windows-based SSD management tool from Intel USA. It supports configuration of SSDs using PCIe and SATA and detects the status of SSDs. A security vulnerability exists in versions of Intel SSD Data Center Tool prior to 3.0.17 for Windows-based platforms...
DEBIAN-CVE-2012-6620
Multiple cross-site scripting XSS vulnerabilities in the 1 tasks and 2 search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...