27 matches found
CVE-2026-32271
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...
CVE-2026-25758
Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...
HTTP Request Smuggling
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Request Smuggling via the CORS middleware, which copies the Vary header from the request to the response when the origin is not set to "". An attacker can influence cache behavior or...
EUVD-2020-26748
Malware in sbrugna...
CVE-2025-54016 WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3...
GHSA-VQ4P-PCHP-6G6V Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow...
CVE-2021-39187
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
RHSA-2022:0055 Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update
Bulletin has no description...
WordPress oik Plugin <= 4.10.3 is vulnerable to Cross Site Scripting (XSS)
Software: oik; Type: Plugin; Vulnerable versions: <= 4.10.3; Fixed in: 4.12.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6391; Patch priority: Low; CVSS severity: Low 6.5; PSID: 2605d2118ca1; Credits: Rafshanzani Suhada; Required...
BIT-PARSE-2021-39187 Crash server with query parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
WordPress LearnDash LMS Plugin <= 4.10.2 is vulnerable to Sensitive Data Exposure
Software: LearnDash LMS; Type: Plugin; Vulnerable versions: <= 4.10.2; Fixed in: 4.10.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1208; Patch priority: Low; CVSS severity: Low 5.3; PSID: 27fca665f224; Credits: Karl Emil Nikka; Required...
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-36771)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.10.3 through 5.0.1. An attacker can explo...
CVE-2020-5567
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu...
CVE-2020-5565
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'...
Cybozu Garoon License Issue Vulnerability
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An authorization issue vulnerability exists in Cybozu Garoon versions 4.0.0 to 4.10.3. A remote attacker can...
Apache Solr 4.0.0 < 4.10.3 Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr versions 4.x < 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Note that the scanner has not tested for these issues but has instead relied only on the...
CVE-2016-6419
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...