WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions before 1.3.1...
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path before it is sanitized, so traversal sequences (e.g. ../) can escape the intended shared directory. As a result, an...
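The order-of-operations bug described above, as an added illustration that is not FileBrowser Quantum's own code: a delete handler that joins the untrusted path onto the share root and only then normalizes it lets `../` segments (or an absolute path) walk out of the root, while normalizing the untrusted part against a virtual `/` first, joining afterwards, and re-checking containment keeps every result under the root. The share root and paths are constructed for the example. On a real filesystem you would additionally resolve symlinks (e.g. `os.path.realpath`) before the containment check.

```python
import posixpath

# Constructed share root for the example; not the project's real layout.
SHARE_ROOT = "/srv/shares/abc123"


def resolve_vulnerable(base: str, user_path: str) -> str:
    """Join first, sanitize afterwards.

    The '..' segments are still live when the join happens, so normpath
    happily collapses them *through* the base directory. An absolute
    user_path is worse: posixpath.join discards base entirely.
    """
    return posixpath.normpath(posixpath.join(base, user_path))


def resolve_hardened(base: str, user_path: str) -> str:
    """Normalize the untrusted part against a virtual root, then join.

    '..' cannot climb above '/', and the leading '/' is stripped so an
    absolute user_path cannot replace base. The final containment check
    is defense in depth: with this ordering it should never fire.
    """
    cleaned = posixpath.normpath("/" + user_path)          # e.g. "/etc/passwd"
    target = posixpath.normpath(posixpath.join(base, cleaned.lstrip("/")))
    if not is_inside(base, target):
        raise ValueError("path escapes share root: %r" % user_path)
    return target


def is_inside(base: str, path: str) -> bool:
    """True if path is base itself or lies strictly beneath it."""
    base = base.rstrip("/")
    return path == base or path.startswith(base + "/")


if __name__ == "__main__":
    for p in ["docs/report.pdf", "../../../etc/passwd", "/etc/passwd"]:
        vuln = resolve_vulnerable(SHARE_ROOT, p)
        print("%-22s vulnerable -> %-32s inside=%s" % (p, vuln, is_inside(SHARE_ROOT, vuln)))
        print("%-22s hardened   -> %s" % (p, resolve_hardened(SHARE_ROOT, p)))
```

Run it and compare the two columns: the vulnerable resolver turns `../../../etc/passwd` into `/etc/passwd`, which a subsequent `os.remove` would happily delete; the hardened resolver maps the same input to `/srv/shares/abc123/etc/passwd`, inside the share.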
FileBrowser Quantum Security Vulnerability
FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable are affected. The vulnerability stems from tokenized download URLs still being exposed through /public/api/share/info...
CVE-2025-48106
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through 1.3.1...
PT-2025-43162
Name of the Vulnerable Software and Affected Versions: CMSSuperHeroes Clanora versions prior to 1.3.1 Description: The software contains a flaw related to unrestricted file uploads, potentially allowing the use of malicious files. This could allow an attacker to upload files of dangerous types...
Linux Distros Unpatched Vulnerability : CVE-2018-3719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the...
CVE-2025-58067
CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...
Google Sign-In for Rails Input Validation Error Vulnerability
Google Sign-In for Rails is Basecamp's open source software for signing in using Google for Rails applications. An input validation error vulnerability exists in Google Sign-In for Rails versions prior to 1.3.1, which stems from the possibility that the proceed_to value could be redirected to...
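The redirect check the two entries above call for, as an added example that is not the google_sign_in gem's code (the gem is Ruby; this is a language-neutral illustration in Python). The session dictionary, the attacker-set value and the function names are constructed. The vulnerable handler trusts whatever `proceed_to` holds; the hardened one accepts only a same-origin, path-relative reference, and rejects scheme-bearing URLs, network-path references such as `//evil.example` (which browsers resolve to another origin), the `/\` and `///` variants some browsers also treat as network-path references, and control characters.

```python
from urllib.parse import urlsplit

DEFAULT_LANDING = "/"


def redirect_target_vulnerable(session: dict) -> str:
    """Use the session value as-is: a protocol-relative value such as
    '//evil.example/phish' is sent back to the browser as the final
    redirect after the OAuth2 flow completes."""
    return session.get("proceed_to") or DEFAULT_LANDING


def safe_proceed_to(value, default: str = DEFAULT_LANDING) -> str:
    """Return value only if it is a path-relative reference on this origin."""
    if not isinstance(value, str) or not value:
        return default
    # Control characters (tabs, newlines) can split headers or be ignored by
    # some URL parsers; never forward them.
    if any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return default
    # Backslashes are treated as forward slashes by browsers, so '/\evil.example'
    # behaves like '//evil.example'. Reject all of them rather than normalize.
    if "\\" in value:
        return default
    # Network-path references ('//host', '///host', ...) change the origin.
    if value.startswith("//"):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default           # 'https://evil.example', 'javascript:...'
    if not value.startswith("/"):
        return default           # only absolute paths on this origin
    return value


def redirect_target_hardened(session: dict) -> str:
    return safe_proceed_to(session.get("proceed_to"))


if __name__ == "__main__":
    # Constructed: a malicious site submitted a form that set this session key.
    session = {"proceed_to": "//evil.example/phish"}
    print("vulnerable ->", redirect_target_vulnerable(session))
    print("hardened   ->", redirect_target_hardened(session))
```

The hardened version errs toward the default landing page on anything it does not understand. That is the right trade-off for a post-login redirect, where the cost of a false reject is one extra click and the cost of a false accept is a credential-phishing page on another origin reached through a trusted login flow.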
CVE-2023-0234
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue...
anything-llm Security Vulnerability
anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in versions of anything-llm prior to 1.3.1, which stems from the multer library's mishandling of path traversal for non-ASCII filenames, which could lead to arbitrary file...
Laravel Pulse Security Vulnerability
Laravel Pulse is an open source real-time application performance monitoring tool and dashboard for Laravel applications from The Laravel Framework. A security vulnerability exists in Laravel Pulse versions prior to 1.3.1, which exposes it to a remote code execution attack that can ...
WordPress Plugin Check (PCP) plugin < 1.3.1 - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability discovered by NinTechNet in WordPress Plugin Plugin Check (PCP) versions before 1.3.1...
PT-2024-35952 · Unknown · Centurion Erp
Name of the Vulnerable Software and Affected Versions: Centurion ERP versions prior to 1.3.1 Description: A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as view ticket change, view ticket...
Jamf Compliance Editor Security Vulnerability
Jamf Compliance Editor is a tool from Jamf-Concepts that provides macOS and iOS/iPadOS system administrators with an easy way to establish and manage compliance baselines on their Apple device fleet. A security vulnerability exists in versions of Jamf Compliance Editor prior t...
PYSEC-2024-52
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
PT-2024-27665
Name of the Vulnerable Software and Affected Versions: lepture Authlib versions prior to 1.3.1 Description: The issue concerns algorithm confusion with asymmetric public keys in lepture Authlib. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric...
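The algorithm-confusion attack the two Authlib entries above describe, as an added example that is not Authlib's code. A verifier that takes `alg` from the token header and treats the server's RSA public key bytes as an HMAC secret accepts a token the attacker minted with HS256 and that same public key (public keys are, by design, obtainable). The hardened decoder pins the allowed algorithms before any verification, which is what supplying `algorithms` to `jwt.decode` achieves; Authlib's own fix additionally refuses HMAC when the key is an asymmetric key. The PEM string is a constructed stand-in (not a real key: only its bytes matter for the HMAC), the claims and helper names are constructed, and RSA signature verification is deliberately not implemented because the forged token must be rejected before it is ever reached.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the server's published RSA public key. Not a real key;
# the attack only needs its bytes, which is exactly the point.
SERVER_PUBLIC_KEY_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexampleexampleexampleexample\n"
    "-----END PUBLIC KEY-----\n"
)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def hs256_sign(payload: dict, key: bytes) -> str:
    """Build a compact JWS with alg=HS256 under the given HMAC key."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def forge_with_public_key(payload: dict, public_key_pem: str) -> str:
    """Attacker side: sign with HS256, using the server's public key as the secret."""
    return hs256_sign(payload, public_key_pem.encode())


def _split(token: str):
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), p, b64url_decode(s), h + "." + p


def _verify_hmac(token: str, key: bytes) -> dict:
    header, payload_b64, sig, signing_input = _split(token)
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def decode_vulnerable(token: str, public_key_pem: str) -> dict:
    """Trusts the token's own alg and reuses the public key as an HMAC secret."""
    header, _, _, _ = _split(token)
    if header["alg"] == "HS256":
        return _verify_hmac(token, public_key_pem.encode())
    if header["alg"] == "RS256":
        raise NotImplementedError("RSA verification omitted; the forged token never gets here")
    raise ValueError("unsupported alg")


def decode_hardened(token: str, public_key_pem: str, algorithms) -> dict:
    """Caller pins the algorithm set; the header is checked against it first."""
    header, _, _, _ = _split(token)
    if header.get("alg") not in algorithms:
        raise ValueError("alg %r not in allowed set %r" % (header.get("alg"), list(algorithms)))
    if header["alg"] == "RS256":
        raise NotImplementedError("RSA verification omitted; out of scope for this example")
    raise ValueError("unsupported alg")


def hardened_rejects(token: str, public_key_pem: str, algorithms) -> bool:
    try:
        decode_hardened(token, public_key_pem, algorithms)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    forged = forge_with_public_key({"sub": "attacker", "role": "admin"}, SERVER_PUBLIC_KEY_PEM)
    print("vulnerable accepts:", decode_vulnerable(forged, SERVER_PUBLIC_KEY_PEM))
    print("hardened rejects:  ", hardened_rejects(forged, SERVER_PUBLIC_KEY_PEM, ["RS256"]))
```

The lesson generalizes beyond Authlib: the token header is attacker-controlled input, so the verifier, not the token, must decide which algorithms and which key types are acceptable, and it must do so before any cryptographic operation runs.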
PT-2024-23279 · Unknown · Wholesalex
Name of the Vulnerable Software and Affected Versions: WholesaleX versions prior to 1.3.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it...
CVE-2023-41738
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Silicon Labs Unify Gateway Buffer Error Vulnerability
Silicon Labs Unify Gateway is a gateway device in an Internet of Things (IoT) solution from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Unify Gateway version 1.3.1 and prior versions, which originates from a stack buffer overflow that can lead to arbitrary code execution...
Nanoleaf Desktop App Command Injection Vulnerability
Nanoleaf Desktop App is a desktop application from Nanoleaf, Inc. for controlling and managing the settings and features of Nanoleaf smart light panels. A security vulnerability exists in Nanoleaf Desktop App versions prior to 1.3.1 that stems from the presence of a command injection vulnerabilit...