77 matches found
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...
CVE-2019-5395
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...
CVE-2019-15650
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...
CVE-2023-43378
A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2023-43378
A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2025-32676 WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects Verowa Connect: from n/a through = 3.0.5...
CVE-2025-27832
The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...
Xpdf 安全漏洞
Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf 4.05 and earlier versions, which stems from an integer overflow checking error in the PostScript function interpreter code,...
AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
AZL-57120 CVE-2025-27144 affecting package moby-containerd-cc for versions less than 1.7.7-9
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
CVE-2022-1711
Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.5...
CVE-2024-37486
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5...
CVE-2025-23664
Cross-Site Request Forgery CSRF vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through = 2.0.5...
WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MemeOne versions = 2.0.5...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...
WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by minhtuanact Patchstack Alliance in WordPress Plugin Persian Woocommerce SMS versions = 7.0.5...
CVE-2024-46261
cutepng v1.05 was discovered to contain a heap buffer overflow via the cpmake32 function at cutepng.h...
PT-2024-29390
Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. Recommendation...
Xpdf 缓冲区错误漏洞
Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a vulnerability that allows an attacker to trigger an out-of-bounds array write...
PT-2024-22965
Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write in Xpdf, triggered by a negative object number in an indirect reference in the input PDF file. This occurs when the software processes a PDF file containing a...