5 matches found
PT-2026-28325
Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 Spring AI versions 1.1.0 through 1.1.3 Description Spring AI’s spring-ai-bedrock-converse component has a Server-Side Request Forgery SSRF issue within the BedrockProxyChatModel. This occurs when handling...
PT-2025-44270
Name of the Vulnerable Software and Affected Versions Thumbnail Slider With Lightbox versions up to and including 1.0.4 Description The Thumbnail Slider With Lightbox plugin for WordPress is susceptible to SQL Injection through the id parameter. Insufficient escaping of user-supplied input and...
PT-2023-27306 · Unknown · Social Media Skeleton
Name of the Vulnerable Software and Affected Versions: Social media skeleton versions prior to 1.0.5 Description: Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue...
PT-2023-16622 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.5 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository answerdev/answer. Cross-site Scripting XSS is a type of security vulnerability that occurs wh...
Arbitrary Command Injection
Overview portprocesses is a This tool letes you list and kill processes on a specified port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary...