54 matches found

CNNVD
added 2026/05/07 12:0 a.m., 3 views

VMware Spring Cloud Config Path Traversal Vulnerability

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1 CVSS, 5.8 AI score, 0.00143 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in python-django

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...

9.8 CVSS, 7.2 AI score, 0.0016 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/01/22 4:52 p.m., 2 views

CVE-2026-24361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress - Course Review learnpress-course-review allows Stored XSS. This issue affects LearnPress - Course Review: from n/a through = 4.1.9...

6.5 CVSS, 5.3 AI score, 0.00064 EPSS
Exploits: 0, References: 2
NVD
added 2026/01/22 3:15 a.m., 3 views

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

6.9 CVSS, 0.00015 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/01/22 1:57 a.m., 22 views

CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

6.9 CVSS, 0.00015 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/01/22 1:57 a.m., 2 views

CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

6.9 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits: 0, References: 3
CVE
added 2026/01/22 1:57 a.m., 7 views

CVE-2026-23959

CoreShop (Pimcore-based eCommerce) contains an error-based SQL Injection in the admin-facing endpoint /admin/coreshop/customer-company-modifier/duplication-name-check, affecting versions prior to 4.1.9. The root cause is unsafe interpolation of user input into a SQL condition (example pattern: sp...

6.9 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/01/21 4:13 p.m., 3 views

SQL Injection: Hibernate

Overview coreshop/core-shop is a CoreShop - Pimcore eCommerce Affected versions of this package are vulnerable to SQL Injection: Hibernate via the CustomerTransformerController page in the duplication-name-check endpoint in the admin panel, where user-supplied input is directly embedded into a SQ...

6.9 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1477

Malicious code in bioql PyPI...

8.2 CVSS, 7.5 AI score, 0.00237 EPSS
Exploits: 1, References: 6
Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-10163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU loa...

4.3 CVSS, 5.2 AI score, 0.00004 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/12 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-3806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some...

8.1 CVSS, 6.9 AI score, 0.00057 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 1:8 a.m., 8 views

CVE-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

8.8 CVSS, 7.5 AI score, 0.00076 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/02/25 12:0 a.m., 1 views

WordPress plugin Estatik Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

7.5 CVSS, 8.6 AI score, 0.00626 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/02/05 9:52 p.m., 8 views

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

9.8 CVSS, 7 AI score, 0.00413 EPSS
Exploits: 0, References: 1
OSV
added 2024/02/21 8:15 a.m., 1 views

CVE-2024-24802

Cross-Site Request Forgery CSRF vulnerability in John Tendik JTRT Responsive Tables. This issue affects JTRT Responsive Tables: from n/a through 4.1.9...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
Patchstack
added 2023/07/18 12:0 a.m., 3 views

WordPress Master Accordion ( Former WP Awesome FAQ Plugin ) Plugin <= 4.1.9 is vulnerable to Cross Site Scripting (XSS)

Software: Master Accordion Former WP Awesome FAQ Plugin. Type: Plugin. Vulnerable versions: <= 4.1.9. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting XSS. CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium 7.1. PSID: f4070e91cc4d. Credits: Rafi...

6.2 AI score
Exploits: 0, References: 3, Affected Software: 1
OpenVAS
added 2023/05/09 12:0 a.m., 34 views

Django 3.2.x < 3.2.19, 4.1.x < 4.1.9, 4.2.x < 4.2.1 Improper Input Validation Vulnerability - Linux

Django is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...

9.8 CVSS, 9.5 AI score, 0.0016 EPSS
Exploits: 0, References: 1
PyPA
added 2023/05/07 2:15 a.m., 4 views

PYSEC-2023-61

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...

9.8 CVSS, 7.1 AI score, 0.0016 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/03/07 3:15 p.m., 1 views

CVE-2021-4331

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to se...

8.8 CVSS, 5.6 AI score, 0.00263 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/03/07 12:0 a.m., 1 views

WordPress plugin Plus Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

6.5 CVSS, 6.7 AI score, 0.00633 EPSS
Exploits: 0, References: 3