21 matches found
CVE-2026-22743
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
VMware Spring AI security vulnerability
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities within the Spring ecosystem. Versions prior to 1.0.5 and 1.1.4 of VMware Spring AI contained security vulnerabilities. These vulnerabilities...
CVE-2025-61789
Icinga DB Web (before 1.1.4 and 1.2.3) allows an authorized user to use a custom variable in a filter that is protected or hidden to guess its values; versions 1.1.4 and 1.2.3 return an error when such a variable is used. Affected product: Icinga DB Web; root cause: filter-enumeration of hidden/p...
Linux Distros Unpatched Vulnerability : CVE-2014-10073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the...
Linux Distros Unpatched Vulnerability : CVE-2020-7610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading...
PT-2023-25415 · WordPress · Change Wp Admin Login
Name of the Vulnerable Software and Affected Versions: Change WP Admin Login WordPress plugin versions prior to 1.1.4 Description: The issue allows an attacker to disclose the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. Recommendations: For version...
WordPress plugin TinyMCE Custom Styles cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Redirection cross-site request forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is a plugin used to completely uninstall WordPress. relevant is a relevant...
SUSE CVE-2015-8770
Directory traversal vulnerability in the setskin function in program/include/rcmailoutputhtml.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the skin...
CVE-2022-1611
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF...
CVE-2019-12345
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress...
CVE-2018-8923
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...
Psensor 'create_response' function directory traversal vulnerability
Psensor is a Linux-based open source visualization software for probing hardware temperature. A directory traversal vulnerability exists in the 'create_response' function of the server/server.c file in versions of Psensor prior to 1.1.4, which stems from the program's failure to detect whether a...
Synology Router Manager (SRM) Denial of Service Vulnerability
Synology Router Manager (SRM) is a software for configuring and managing Synology routers from Synology. A security vulnerability exists in SYNO.Core.PortForwarding.Rule in versions of SRM prior to 1.1.4-6509. A remote attacker could exploit this vulnerability to cause a denial of service memory...
CVE-2017-12077
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack...
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
PYSEC-2011-31
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...
dovecot: incorrect handling of negative rights in the ACL plugin
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...