32 matches found
PT-2026-41636
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, and Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing ...
Fedora 42 : apt / python-apt (2026-e0e9d0d54a)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-e0e9d0d54a advisory. Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a security issue in python-apt ---- Update to latest upstream release apt 3.1.15...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
EUVD-2022-1548
Malicious code in bioql PyPI...
CVE-2025-58435
Open OnDemand is affected: versions prior to 3.1.15 and 4.0.7 fail to rotate the noVNC password when TurboVNC > 3.1.2. The underlying issue enables a user to hijack a session if they obtain a link to an active desktop and the other party is authenticated; impact is limited to authenticated use...
Linux Distros Unpatched Vulnerability : CVE-2019-3809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it shou...
PT-2025-16345
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15. Description: A command injection issue was discovered in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC. The issue occurs via the foldername in the...
CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions, jte HTML templates with script tags or script attributes that include a JavaScript template string (backticks) are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...
jte security vulnerability
jte (Java Template Engine) is a secure and fast template engine for Java and Kotlin by the individual developer Andreas Hager. A security vulnerability exists in jte 3.1.15 and earlier versions, which stems from improper escaping of backquotes in JavaScript template strings and is vulnerable to cross-site...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control
Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.14; Fixed in: 3.1.15; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6631; Patch priority: Low; CVSS severity: Low 5; Developer: Claim ownership; PSID: 297d76ad6b7c; Credits: Lucio Sá...
Netatalk < 3.1.15 RCE Vulnerability
Netatalk is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk...
Cross-site Scripting in Cipi
Cipi 3.1.15 allows Add Server stored cross-site scripting via the /api/servers name field...
GHSA-VPMW-77VM-4MJG Cross-site Scripting in Cipi
Cipi 3.1.15 allows Add Server stored cross-site scripting via the /api/servers name field...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
Cross site scripting
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2022-26332
CVE-2022-26332 affects Cipi 3.1.15 and enables stored XSS in the /api/servers name field. Multiple sources (NVD entry, Red Hat advisory, Veracode/GHSA, OSV, GITLAB file) confirm a stored XSS condition arising from unsafely accepted input for adding a server, enabling injection of arbitrary JavaSc...
Crafter CMS security vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. Crafter CMS is vulnerable to an authorization issue in versions 3.1 through 3.1.15, which stems from a lack of authentication measures or insufficient authentication strength in the web system or...