19 matches found
CVE-2026-35070
CVE-2026-35070 affects Dell SmartFabric Storage Software prior to 1.4.5. It is an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability, enabling a high-privileged, local attacker to potentially gain filesystem access. The connected documents do not provi...
CVE-2026-35070
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for...
PT-2026-42126
Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions prior to 1.4.5 Description: An improper neutralization of special elements used in a command, known as command injection, allows a high privileged attacker with local access to potentially gain...
CVE-2026-32531
CVE-2026-32531: Kunco WordPress Theme (
WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kunco versions 1.4.5...
CVE-2025-58215 WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through 1.4.5...
PT-2025-32376 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.5 Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the TestDefinitionDAO interface. The...
CVE-2025-0668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: before 1.4.5...
CVE-2025-0668 BOINC Server Multiple SQL Injections
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: before 1.4.5...
BOINC Server Security Vulnerability
BOINC Server is an open source distributed computing platform server from the US-based BOINC organization for creating and managing volunteer computing projects. A security vulnerability exists in BOINC Server versions prior to 1.4.5, which stems from improper input neutralization during web page...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open-source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.4.5, which stems from insufficient cleanup of certain class names and could lead to cross-site scripting attacks...
PT-2023-14181 · WordPress · Wordpress Events Calendar
Name of the Vulnerable Software and Affected Versions: The WordPress Events Calendar WordPress plugin versions prior to 1.4.5 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because a parameter is not properly sanitized and escaped before being outputted back i...
window-control Security Vulnerability
window-control is a package by individual developer Bruno Robert. It is designed to perform tasks similar to robot.js without mouse control, but without compiling external C++ code. A security vulnerability exists in window-control versions prior to 1.4.5, which stems from incorrect input and i...
GHSA-X8Q8-4HP5-463W Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors...
PT-2021-22882 · Playsms · Playsms
Name of the Vulnerable Software and Affected Versions: playSMS versions prior to 1.4.5 Description: The issue allows for Arbitrary Code Execution by entering PHP code at the tabs-information-page of core main config, and then executing that code via the "index.php?app=main&inc=core welcome" URI...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2020-36520)
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.3.12 and 1.4.x prior to 1.4.5. The vulnerability stems from a failu...
PT-2020-6405 · Unknown +2 · Roundcubemail +2
Name of the Vulnerable Software and Affected Versions: Roundcube Mail versions prior to 1.4.5 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It is associated with the smtp config in the installer. The vulnerability may allow a remote attacker to impact data...
PT-2014-3429 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.5; Foreman versions 1.5.x prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to the "tftp/fetch boot file" endpoint...