8 matches found
CVE-2026-24013
CVE-2026-24013 describes an authentication bypass in Apache IoTDB due to insufficient validation of the sessionId in certain Thrift RPC query handlers. An attacker can forge a sessionId and, without openSession authentication, obtain valid query results, enabling unauthorized reading of time-seri...
CVE-2025-69078
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...
CVE-2025-59037
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...
CVE-2025-30629
CVE-2025-30629 is a CSRF vulnerability in Codehaveli Bitly URL Shortener (WordPress plugin) affecting versions up to 1.3.3. Public details confirm CSRF as the issue, with CVSS 3.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) base score 4.3 (Medium). Connected sources (Wordfence, Red Hat) list the vulner...
WordPress plugin Yottie Lite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-33575 · Unknown · Ferma.Ru.Net
Name of the Vulnerable Software and Affected Versions: FERMA.Ru.Net versions 1.3.3 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows an...
PT-2024-32615 · Unknown · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor versions 1.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Move Addons for...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2021-41125 via scrapy (>=1.3.3 <=1.8.0)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2021-41125 Source advisory: OSV:GHSA-JWQP-28GF-P498...