13 matches found
CVE-2025-14809
ArcSearch on Android versions prior to 1.12.6 is affected by an address-bar spoofing issue where the address bar could show a different domain than the displayed content after user interaction with crafted web content. The root cause is described as navigation/URI confusion in the ArcSearch Andro...
CVE-2025-14809 Address bar spoofing risk in ArcSearch on Android
ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
Browser Company ArcSearch security vulnerability
Browser Company ArcSearch is a mobile browser from Browser Company, Inc. A security vulnerability exists in Browser Company ArcSearch versions prior to 1.12.6 that originates from address bar spoofing and could lead to misleading user interaction...
EUVD-2021-1299
Malware in sbrugna...
CVE-2020-22609
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...
CVE-2023-45765
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through = 1.12.6...
PT-2025-1496 · Wedevs · Wedevs Wp Erp
Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.12.6 and earlier Description: The issue is related to a missing authorization vulnerability in weDevs WP ERP, which allows exploiting incorrectly configured access control security levels. Recommendations: For weDevs ...
WordPress plugin WP ERP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress WP ERP Plugin <= 1.12.6 is vulnerable to Broken Access Control
Software: WP ERP; Type: Plugin; Vulnerable versions: <= 1.12.6; Fixed in: 1.12.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45765; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: eeeca321fd76; Credits: Abdi Pranata; Required privileg...
olcne istio istio security update
olcne 1.3.5-1 - Update Istio to 1.12.6, prometheus-2.30.1, grafana-7.5.15; istio 1.12.6-1 - Addresses CVE-2022-24726, CVE-2022-24921; istio 1.11.4-1 - Added Oracle specific files for 1.11.4-1...
osTicket cross-site scripting vulnerability (CNVD-2021-48883)
osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/ajax.search.php...
CVE-2020-15111
In Fiber before version 1.12.6, the filename that is given in c.Attachment (https://docs.gofiber.io/ctxattachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the...
PT-2017-13809 · Docker +1 · Docker Ce +2
Name of the Vulnerable Software and Affected Versions: Docker-CE Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier Description: The issue is related to a lack of content verification, allowing a remote attacker to cause a Denial of Service...