Uploady Cross-Site Scripting Vulnerability
Uploady is a modern secure file upload script developed by Faris AL-Otaibi, designed to support multiple file uploads. Versions of Uploady prior to 3.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filename cleaning during the file upload process, whic...
EUVD-2025-24586
Malicious code in bioql PyPI...
CVE-2025-54809
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54809 F5 Access for Android vulnerability
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54809
CVE-2025-54809 (F5 Access for Android) affects Android clients of F5 Access prior to version 3.1.2. The vulnerability arises because, when using HTTPS, the client does not verify the remote endpoint identity, enabling potential man-in-the-middle interception. Affected versions are 3.1.0–3.1.1; a ...
CVE-2025-31689
Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...
AZL-57878 CVE-2025-27516 affecting package python-jinja2 for versions less than 3.1.2-3
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
DeShang DSKMS Access Control Error Vulnerability
DeShang DSKMS is a professional content payment system from DeShang, China. An Access Control Error vulnerability exists in DeShang DSKMS prior to version 3.1.2, which stems from the file public/install.php that results in incorrect access control...
PT-2023-28157 · Corecode · Macupdater
Name of the Vulnerable Software and Affected Versions: CoreCode MacUpdater versions prior to 2.3.8 CoreCode MacUpdater versions 3.x prior to 3.1.2 Description: An XPC misconfiguration issue allows attackers to escalate privileges by crafting malicious .pkg files. Recommendations: For versions pri...
CVE-2023-39250
Dell Storage Integration Tools for VMware DSITV and Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 and Replay Manager for VMware RMSV versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3 versions prior to 3.1.2 and 4.x versions prior to 4.0.2, which stems from allowing XSS attacks via saved emails...
SUSE CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
PT-2022-24536 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is a heap overflow vulnerability that can be triggered by local attackers, allowing them to obtain network sensitive information. Recommendations: For OpenHarmony versions prior to...
PT-2022-23361 · Unknown +1 · Openharmony +1
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is caused by an incorrect configuration of the cJSON library, leading to a stack overflow vulnerability during recursive parsing. This allows LAN attackers to launch a Denial of Servi...
OESA-2022-1700 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performs system management tasks in the same way as Perl. Security Fixes: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and...
FUDForum Code Issue Vulnerability
FUDForum is a PHP-based open source forum software. FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can use this vulnerability to execute remote code with the help of the upload file function of the file management system in the administration control panel...
GHSA-23WX-CGXQ-VPWX Prototype Pollution in dset
All versions of dset prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and...
WordPress LearnDash LMS Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. LearnDash LMS is a learning management system plugin used in it. A cross-site scripting vulnerability exists i...
PT-2020-19376 · WordPress · Learndash Lms
Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin versions prior to 3.1.2 Description: The issue allows for XSS via the ld-profile search field. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue...
CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969...