12 matches found
Apache DolphinScheduler has an Incorrect Authorization Vulnerability
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
CVE-2026-23902
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
CVE-2025-59784
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...
Traefik Path Traversal Vulnerability
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A path traversal vulnerability exists in Traefik versions prior to 3.4.1, which stems from mishandling of the path matcher and could lead to bypassing the middleware chain...
AZL-55664 CVE-2024-12085 affecting package rsync for versions less than 3.4.1-1
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
PT-2023-18789 · Unknown · Shibboleth Service Provider
Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider (SP) versions prior to 3.4.1. Description: The issue concerns insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP). This allows an unprivileged local attacker to escalate...
cxf: XSS via the styleSheetPath
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web page. This...
Zammad Code Issue Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An information disclosure vulnerability exists in Zammad versions prior to 3.4.1. The vulnerability stems from the way Massenversand's implementation of the SMS configuration interface presents the results of test requests to the...
CVE-2016-10898
The total-security plugin before 3.4.1 for WordPress has XSS...
CVE-2016-10899
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability...
parse-server denial of service vulnerability
parse-server is an open source Backend-as-a-Service (BaaS) framework that is primarily used for application backend processing. A security vulnerability exists in parse-server versions prior to 3.4.1. An attacker can exploit this vulnerability to cause a denial of service...
UBUNTU-CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...