25 matches found
Drupal AI security vulnerabilities
Drupal AI is a module or solution within the Drupal community that integrates artificial intelligence capabilities. Versions of Drupal AI prior to 1.0.7, 1.1.7, and 1.2.4 contain security vulnerabilities. These vulnerabilities stem from improper input during web page generation, which may lead to...
CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “http://localhost”, allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
aiven-db-migrate Path Traversal Vulnerability
aiven-db-migrate is an Aiven open source application. A path traversal vulnerability exists in aiven-db-migrate versions prior to 1.0.7, which stems from an elevation of privilege vulnerability that could lead to superuser privilege acquisition...
CVE-2023-1536
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...
WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...
WordPress plugin Kundgenerator Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
CVE-2024-39351
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...
CVE-2023-47803
A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with...
PT-2024-13264 · Unknown · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2. Description: A CWE-613 “Insufficient Session Expiration” issue in the web application exists due to the session cookie sessionid lasting two weeks, which facilitates session hijacking attacks...
CVE-2023-6519
Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...
CVE-2023-6517
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7...
CVE-2023-6518
Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...
CVE-2023-6515
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7...
Mia Technology MIA-MED Security Vulnerability
Mia Technology MIA-MED is a hospital management system from Mia Technology. A security vulnerability exists in Mia Technology MIA-MED versions prior to 1.0.7 that originates from allowing an authorization bypass...
Mia Technology MIA-MED Security Vulnerability
Mia Technology MIA-MED is a hospital management system from Mia Technology. A security vulnerability exists in Mia Technology MIA-MED versions prior to 1.0.7 that originates from storing passwords in plaintext. An attacker can exploit the vulnerability to read sensitive strings in an executable...
CVE-2023-34347
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain classes that cannot be deserialized, which could allow an attacker to remotely execute arbitrary code...
Delta Electronics InfraSuite Device Master Access Control Error Vulnerability
Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics, Taiwan, China. An access control error vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.7. An attacker could...
PT-2023-8742 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.7. Description: The issue is related to a deserialization mechanism flaw in Delta Electronics InfraSuite Device Master, which could allow a remote attacker to execute arbitrary...
SUSE CVE-2018-7050
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick...