8 matches found
CVE-2026-39555
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
CVE-2025-13495
CVE-2025-13495 affects FluentCart A New Era of eCommerce WordPress plugin up to version 1.3.1. The vulnerability is an authenticated SQL Injection via the groupKey parameter, exploitable by Administrators with high privileges. Public advisories (Wordfence, Patchstack, NVD) confirm the issue and p...
WordPress plugin Headline Analyzer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-30895 · Viala · Viala
Name of the Vulnerable Software and Affected Versions: viala versions 1.3.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For versions...
PT-2024-15640 · Unknown · Cxbsoft Url-Shorting
Name of the Vulnerable Software and Affected Versions: CXBSoft Url-shorting versions up to 1.3.1 Description: A critical issue has been found in the processing of the file /admin/pages/update go.php of the component HTTP POST Request Handler. The manipulation of the version argument leads to SQL...
PT-2023-22210 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises because parameters are not effectively filtered in Apache Linkis, allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source...