16 matches found
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...
free5GC 代码问题漏洞
Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 4.1.0 contain code vulnerabilities. These vulnerabilities stem from a flaw in the SessionDeletionResponse function within the SMF component, which may lead to null pointer dereferencing...
PT-2026-2179
Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.8 Description CoreShop is a Pimcore enhanced eCommerce solution. A blind SQL injection exists in the application that allows an authenticated administrator-level user to extract database contents using...
CVE-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php aka survey groups...
CVE-2025-31684
CVE-2025-31684 affects Drupal OAuth2 Client (versions 0.0.0 through 4.1.2). The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the OAuth2 Client module that can enable unauthorized actions on behalf of a user. According to CVSS data, impact includes high integrity and availability ...
WordPress Logo Slider plugin < 4.1.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Logo Slider versions 4.1.0...
Dell OpenManage Enterprise 跨站脚本漏洞
Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A cross-site scripting vulnerability exist...
PT-2023-15186 · Repute Infosystems · Armember
Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember plugin versions prior to 4.0.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...
AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
Intel Data Center Manager 安全漏洞
Intel Data Center Manager is a software solution from Intel Corporation. It collects and analyzes real-time operating conditions, power, and heat of various devices in the data center to help improve efficiency and uptime. A security vulnerability exists in Intel Data Center Manager software...
CVE-2020-35168
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...
ECDSA Util 数据伪造问题漏洞
ECDSA Util is a collection of applets for ECDSA. A security vulnerability exists in ECDSA Util versions prior to 0.4.1, which stems from ecdsaverifypreparelegacy not checking that the signature values r and s are non-zero...
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform Monitoring Application, before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery...
CVE-2019-11119
Insufficient session validation in the service API for IntelR RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access...
AZL-44094 CVE-2018-14042 affecting package python-openstackdocstheme 3.0.0-9
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
CVE-2018-9118
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter...