9 matches found
CVE-2026-4175
A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...
CVE-2025-59467
A Cross-Site Scripting XSS vulnerability in the UCRM Argentina AFIP invoices Plugin v1.2.0 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin...
EUVD-2025-204404
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...
CVE-2025-67745 Myhoard logs backup encryption key in plain text
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain / and contains .. An attacker can gain unauthorized access and...
PT-2024-26357 · Sshpiper · Sshpiper
Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x Description: The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. This means that any connection that sshpiper is directly or indirectly...
PYSEC-2024-11
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.Users are recommended to upgrade to version 1.3.0, which fixes the issue...
PT-2023-1572 · Unknown · Gimmie Plugin
Name of the Vulnerable Software and Affected Versions: Gimmie Plugin version 1.2.2 Description: A critical vulnerability was found in the Gimmie Plugin, affecting an unknown function of the file trigger ratethread.php. The manipulation of the t/postusername argument leads to SQL injection. This...
Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...