5 matches found
GO-2025-4085 Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel
Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...
CVE-2024-3957
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...
PT-2022-24596 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows the browser to send plain text cookies over an insecure channel HTTP due to a Missing Secure Flag. An attacker may capture the cookie from the insecure channel using a Man-In-The-Middle MITM...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 7.1.8 that stems from the presence of a missing security flag that allows...