17 matches found
CVE-2025-66115
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...
CVE-2025-9631
The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...
CVE-2025-6550
The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideroptions’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-32389
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param0=a1=b2=c utiliz...
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...
SMF(Simple Machines Forum) 跨站脚本漏洞
SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF Simple Machines Forum version 2.1.4, which stems from improper manipulation of the Notice parameter in the ManageAttachments.php file, and...
PT-2025-11254
Name of the Vulnerable Software and Affected Versions: Civi - Job Board & Freelance Marketplace WordPress Theme plugin versions up to, and including, 2.1.4 Description: The issue is due to a lack of user validation before changing a password, making it possible for unauthenticated attackers to...
CVE-2024-4669
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
TTS API OS Command Injection Vulnerability
The TTS API is a text-to-speech REST API for multiple TTS engines from the individual developer Pedro Trujillo. An operating system command injection vulnerability exists in TTS API version 2.1.4 and earlier, which stems from the onSpeechDone function of a file that can lead to operating system...
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
PrestaShop 路径遍历漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop tshirtecommerce 2.1.4 and earlier versions, which stems from the...
UBUNTU-CVE-2022-29189
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...
PT-2022-19441
Name of the Vulnerable Software and Affected Versions Pion DTLS versions prior to 2.1.4 Description The issue concerns a buffer used for inbound network traffic that had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An...
PYSEC-2021-171
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat. This is because the...
OPENSUSE-SU-2020:1997-1 Security update for blueman
This update for blueman fixes the following issues: - Update to version 2.1.4 CVE-2020-15238: Fixed a local denial-of-service in the D-Bus interface boo1178196...
OpenExif 'ExifJpegHUFFTable::deriveTable' function denial of service vulnerability
OpenExif is an object-oriented library for accessing image files in Exif format. A security vulnerability exists in the 'ExifJpegHUFFTable::deriveTable' function of the ExifHuffmanTable.cpp file in OpenExif version 2.1.4. A remote attacker can exploit this vulnerability to cause a denial of servi...
CVE-2017-8403
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...