22 matches found

vulnersOsv
added 2025/09/29 5:53 p.m. · 3 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), cc.ddrpa.dorian:forvariz-spring-boot-starter (>=1.0.0 <=1.1.0) +976 more potentially affected by CVE-2025-59952 via io.minio:minio (>=0.2.3 <=8.5.9)

io.minio:minio MAVEN version =0.2.3, =1.0.0, =1.0, =1.0.1, =1.3.1, =1.0.1, =1.3.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =11.0.1-RELEASE, =12.0.1-RELEASE and more Source cves: CVE-2025-59952 Source advisory: OSV:GHSA-H7RH-XFPJ-HPCM...

CVSS 8.7 · AI score 6 · EPSS 0.00023
Exploits: 0
CNNVD
added 2024/12/06 12:0 a.m. · 1 view

WordPress plugin Soledad security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 · AI score 8.2 · EPSS 0.00679
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/06 12:0 a.m. · 1 view

PT-2024-16884 · WordPress · Soledad

Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions up to, and including, 8.5.9 Description: The Soledad theme for WordPress is vulnerable to Local File Inclusion via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and...

CVSS 8.1 · AI score 7.6 · EPSS 0.00679
Exploits: 0 · References: 9
Tenable Nessus
added 2024/07/18 12:0 a.m. · 9 views

Atlassian Confluence 7.20.x < 8.5.9 Cross-Site Scripting

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested fo...

CVSS 8.7 · AI score 6.1 · EPSS 0.02571
Exploits: 0 · References: 2
Tenable Nessus
added 2023/11/03 12:0 a.m. · 119 views

Grafana Labs Stored XSS (CVE-2022-31097)

According to its self-reported version number, the version of Grafana Labs running on the remote host is affected by a stored cross-site scripting vulnerability: - XSS vulnerability in the Unified Alerting feature of Grafana. After analysis, this stored XSS could be used to elevate privileges fro...

CVSS 8.7 · AI score 7.6 · EPSS 0.48063
Exploits: 0 · References: 3
CNNVD
added 2023/04/18 12:0 a.m. · 2 views

Laravel code issue vulnerability

Laravel is a web application framework from the Laravel community. A security vulnerability exists in Laravel version v8.5.9 that stems from the presence of a deserialization vulnerability that allows an attacker to execute arbitrary commands...

CVSS 9.8 · AI score 8.8 · EPSS 0.01286
Exploits: 1 · References: 3
Vulnrichment
added 2023/04/18 12:0 a.m. · 6 views

CVE-2021-28254

A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...

AI score 7.8 · EPSS 0.01286
Exploits: 1 · References: 1
Positive Technologies
added 2023/04/18 12:0 a.m. · 2 views

PT-2023-12125 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel version 8.5.9 Description: A deserialization vulnerability in the destruct function allows attackers to execute arbitrary commands. Recommendations: For Laravel version 8.5.9, consider disabling the destruct function until a patch is...

CVSS 9.8 · AI score 9.6 · EPSS 0.01286
Exploits: 1 · References: 8
OpenVAS
added 2022/07/18 12:0 a.m. · 40 views

Grafana XSS Vulnerability (GHSA-vw7q-p2qg-4m5f)

Grafana is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVSS 8.7 · AI score 8 · EPSS 0.48063
Exploits: 0 · References: 1
Github Security Blog
added 2022/05/14 1:10 a.m. · 17 views

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...

CVSS 7.5 · AI score 6.3 · EPSS 0.02945
Exploits: 0 · References: 23 · Affected Software: 1
Tenable Nessus
added 2021/07/02 12:0 a.m. · 7 views

Atlassian Jira < 7.13.18 Support Entitlement Number Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.18, 8.x < 8.5.9 or 8.6.x < 8.12.1. It is, therefore, affected by an information disclosure vulnerability in the HTTP Response headers allowing a remote attacker with limited...

CVSS 4.3 · AI score 6.8 · EPSS 0.00312
Exploits: 0 · References: 2
Tenable Nessus
added 2021/07/02 12:0 a.m. · 15 views

Atlassian Jira < 7.13.18 Information Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...

CVSS 5.3 · AI score 5.6 · EPSS 0.00279
Exploits: 0 · References: 2
OSV
added 2020/10/12 4:15 a.m. · 0 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

CVSS 5.4 · AI score 6.2 · EPSS 0.00228
Exploits: 0 · References: 1
NVD
added 2020/10/12 4:15 a.m. · 15 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

CVSS 5.4 · EPSS 0.00228
Exploits: 0 · References: 1
Cvelist
added 2020/10/12 3:15 a.m. · 11 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

AI score 5.3 · EPSS 0.00228
Exploits: 0 · References: 1
Atlassian
added 2020/10/06 10:57 p.m. · 25 views

XSS in Jira issue filter export file via malicious full name - CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before version 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before...

CVSS 5.4 · AI score 3.7 · EPSS 0.00228
Exploits: 0
Tenable Nessus
added 2017/11/29 12:0 a.m. · 29 views

VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0018) (macOS)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.9. It is, therefore, affected by multiple vulnerabilities that allow arbitrary code execution or crashing of VMs. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid104851;...

CVSS 8.8 · AI score 7.9 · EPSS 0.00186
Exploits: 0 · References: 6
CNVD
added 2017/11/20 12:0 a.m. · 3 views

VMware Workstation and Fusion Heap Buffer Overflow Vulnerability

VMWare Workstation and Fusion are both desktop virtual computer software from VMware. The former provides virtual machine functionality that allows you to run several different operating systems at the same time, while the latter is virtual machine software used to run Windows applications on App...

CVSS 8.8 · AI score 7.6 · EPSS 0.0005
Exploits: 0 · References: 1
CNVD
added 2017/03/16 12:0 a.m. · 1 view

Apache Tomcat Information Disclosure Vulnerability (CNVD-2017-04115)

Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (United States). It is mainly used for the development and debugging of JSP programs for small and medium-sized systems. An information disclosure vulnerability exists in Apache...

CVSS 7.5 · AI score 7.3 · EPSS 0.02945
Exploits: 0 · References: 1
RedhatCVE
added 2017/03/14 10:19 a.m. · 15 views

CVE-2016-8747

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...

CVSS 7.5 · AI score 6.8 · EPSS 0.02945
Exploits: 0 · References: 1