7 matches found
CVE-2026-3788
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...
CVE-2026-3748
A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...
CVE-2025-27340
CVE-2025-27340 describes a CSRF vulnerability in the WordPress plugin F12-Profiler (versions up to 1.3.9). The issue allows unauthorized cross-site requests due to CSRF weaknesses in the plugin. Public references in the connected docs consistently identify the affected software as the F12-Profile...
PT-2025-7757 · Unknown · F12-Profiler
Name of the Vulnerable Software and Affected Versions: F12-Profiler versions 1.3.9 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized requests. Recommendations: For versions 1.3.9 and earlier, update to a version that contains a fix for th...
CVE-2023-7002 Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operati...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-dist (>=2.0.0 <=2.0.9) +2 more potentially affected by CVE-2023-49068 via org.apache.dolphinscheduler:dolphinscheduler-api (>=1.3.9 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =1.3.9, =1.1.0, =2.0.0, =2.0.2, =1.3.9, =3.0.6 Source cves: CVE-2023-49068 Source advisory: OSV:GHSA-C6CG-73P3-973H...
PT-2020-5862 · Containerd +5 · Kubernetes Containerd +4
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.3.9 and 1.4.3 Description: The issue is related to the improper exposure of the containerd-shim API to host network containers. Access controls for the shim's API socket verified that the connecting process had ...