11 matches found
WordPress VegaDays theme <= 1.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme VegaDays versions = 1.2.0...
WordPress VikRentItems Flexible Rental Management System plugin <= 1.2.0 - Reflected Cross-Site Scripting via 'delto' Parameter vulnerability
Reflected Cross-Site Scripting via 'delto' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin VikRentItems Flexible Rental Management System versions = 1.2.0...
GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability
Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...
CVE-2025-53363
Summary: Dpanel (Go) versions 1.2.0–1.7.2 are affected by an arbitrary file read vulnerability in /api/app/compose/get-from-uri. The GetFromUri function passes the user-provided uri directly to os.ReadFile, enabling an authenticated user to read arbitrary files on the host and disclose sensitive ...
CVE-2025-54694
Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through = 1.2.0...
PT-2024-36790
Name of the Vulnerable Software and Affected Versions pyrage versions 1.2.0 through 1.2.2 Description The issue concerns the execution of arbitrary binaries due to malicious plugin names, recipients, or identities. This can occur when a plugin name containing a path separator is provided to the a...
PT-2024-20651 · Openeuler · Aops-Zeus +1
Name of the Vulnerable Software and Affected Versions: openEuler aops-zeus versions 1.2.0 through 1.4.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection', which allows Command Injection. This problem is...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2018-1000182 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.0)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2018-1000182 Source advisory: OSV:GHSA-53WF-VQF9-CGF2...
@apollosproject/apollos-cli (>=2.43.1 <=3.0.0-canary.57), @apollosproject/react-native-make (>=3.0.4 <=3.0.5) +22 more potentially affected by CVE-2021-29060 via color-string (>=1.2.0 <=1.5.3)
color-string NPM version =1.2.0, =2.43.1, =3.0.4, =3.0.2, =1.0.0, =2.1.2, =3.0.1, =2.4.0, =3.2.4, =0.0.0-alpha.1, =0.0.0, =0.0.0, =0.0.0, =0.0.3, =0.0.0, =0.0.7 and more Source cves: CVE-2021-29060 Source advisory: SNYK:JS-COLORSTRING-1082939...
Apache Tomcat Native Authentication Vulnerability (CNVD-2018-15547)
Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems.Apache Tomcat Native is a support for the use of native...
PT-2017-3183 · Bchunk +1 · Bchunk +1
Name of the Vulnerable Software and Affected Versions: bchunk versions 1.2.0 through 1.2.1 Description: The issue is related to pointer dereference errors. It can be exploited by a remote attacker using a specially crafted .cue file, potentially causing the application to crash. The problem arise...