Astra Linux - уязвимость в node-y18n

The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...

EUVD-2025-50777

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...

CVE-2025-48878

CVE-2025-48878 affects Combodo iTop (3.x) prior to 3.2.2. The vulnerability is an insecure direct object reference that allows a user (e.g., with a Service desk agent profile) to create a ModuleInstallation object when they should not be able to. The issue is resolved in 3.2.2. Impact details are...

CVE-2025-48878 Combodo iTop vulnerable to IDOR with ModuleInstallation object

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...

CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

EUVD-2024-54950

Malicious code in bioql PyPI...

GHSA-RRPJ-R8H7-RM7R Apache DolphinScheduler Incorrect Default Permissions Vulnerability

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

Apache DolphinScheduler Incorrect Default Permissions Vulnerability

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115

CVE-2024-43115 affects Apache DolphinScheduler (pre-3.2.2). The issue is due to improper input validation, permitting an authenticated user to trigger execution of arbitrary shell scripts via the alert script. Upgrading to 3.3.1 is recommended and fixes the vulnerability. There is no exploitation...

Flatboard Pro 跨站脚本漏洞

Flatboard Pro is an open source forum system by Flatboard. A cross-site scripting vulnerability exists in Flatboard Pro versions prior to 3.2.2, which stems from insufficient validation of inputs to the footertext and announcement parameters in config.php, and could lead to a stored cross-site...

WordPress plugin Save as Image Plugin by Pdfcrowd 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Cost Calculator Builder PRO plugin < 3.2.2 - Unauthenticated Price Manipulation vulnerability

Unauthenticated Price Manipulation vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder Pro versions 3.2.2...

PT-2024-30368 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 3.2.2 Description: A critical issue has been identified in Apache DolphinScheduler, allowing hackers to execute remote code. This poses a significant security risk. The issue affects versions prior to...

PT-2024-13605 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.2 and prior Description: The issue allows a local attacker to cause a multimedia player crash by modifying a released pointer. Recommendations: For OpenHarmony versions 3.2.2 and prior, at the moment, there is no...