17 matches found
CVE-2026-7699 Dromara MaxKey StrUtils.java StrUtils.checkSqlInjection sql injection
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Manipulating the argument filtersfields results in SQL injection. The attack can be carried out remotely. The...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20894 more potentially affected by CVE-2026-40977 via org.springframework.boot:spring-boot (>=3.0.0 <=3.5.13)
org.springframework.boot:spring-boot MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible...
BIT-MOODLE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...
CVE-2022-44617 affecting package libXpm for versions less than 3.5.17-1
CVE-2022-44617 affecting package libXpm for versions less than 3.5.17-1. An upgraded version of the package is available that resolves this issue...
UBUNTU-CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course...
CVE-2022-27910
In Joomla, component 'Joomlatools - DOCman 3.5.13 and likely most versions below' is affected by a reflected Cross-Site Scripting (XSS) in an image upload function...
Joomlatools DOCman cross-site scripting vulnerability
Joomlatools DOCman is Joomlatools' Documentation and Download Manager extension for Joomla! A security vulnerability exists in Joomlatools DOCman 3.5.13, which originates from cross-site scripting in the image upload feature...
CVE-2020-25630
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...
PT-2022-8564 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.9.1; Moodle versions prior to 3.8.4; Moodle versions prior to 3.7.7; Moodle versions prior to 3.5.13. Description: The issue is related to the yui combo component, which does not limit the amount of files it can load,...
GLSA-201710-15 : GnuTLS: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201710-15 (GnuTLS: Denial of Service). A NULL pointer dereference while decoding a status response TLS extension with valid contents was discovered in GnuTLS. Impact: A remote attacker could possibly cause a Denial of Service...
[ASA-201706-12] gnutls: denial of service
Arch Linux Security Advisory ASA-201706-12. Severity: Medium; Date: 2017-06-13; CVE-ID: CVE-2017-7507; Package: gnutls; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-294. Summary: The package gnutls before version...
Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X
Steps to reproduce: Confluence 3.5.13 installed, booted up Postgres DB; shutdown, applied patch following advisory; admin panel not accessible; content appears to be missing; see errors in the logs: 2014-05-22 16:28:50,308 ERROR http-8080-1 Standalone.localhost./.action log Servlet.service...
User can upload attachments to restricted pages that adopt restrictions from parent page
Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...
Mozilla Releases Firefox 3.5.13 and 3.6.10
The Mozilla Foundation has released Firefox 3.5.13 and 3.6.10 to address a stability issue affecting some users. US-CERT encourages users and administrators to review the release notes for Firefox 3.5.13 and Firefox 3.6.10 and apply any necessary updates to mitigate the issue. This product is...