32 matches found
CVE-2026-2378
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
CVE-2026-32948
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without...
CVE-2026-32948 sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without...
CVE-2026-32948
CVE-2026-32948 affects sbt on Windows: when resolving VCS dependencies, sbt uses Process("cmd", "/c", ...), passing a user-controlled URI fragment (branch/tag/revision) without validation. Because cmd /c treats special characters (&, |, ;) as separators, a crafted fragment can inject and execute ...
CVE-2026-2378 Address bar spoofing risk in ArcSearch on Android
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
CVE-2026-2378
ArcSearch for Android versions prior to 1.12.7 is affected by an address bar spoofing issue. The browser could display a different domain in the address bar than the actual content after user interaction with crafted web content. Affected product: ArcSearch on Android, versions
CVE-2025-66548
Nextcloud Deck is a kanban-style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extensions can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...
EUVD-2025-201466
Nextcloud Deck is a kanban-style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extensions can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...
PT-2025-49297
Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.12.7; Nextcloud Deck versions prior to 1.14.4; Nextcloud Deck versions prior to 1.15.1. Description: Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...
EUVD-2014-4833
Malware in sbrugna...
EUVD-2019-5974
Malware in sbrugna...
CVE-2024-32827
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7...
Kuku FM security vulnerability
Kuku FM is an audiobook audio software from Kuku FM Inc. A security vulnerability exists in Kuku FM v1.12.7, which stems from the android:allowBackup=true setting and could lead to an attacker accessing sensitive plaintext data...
WordPress plugin Giveaways and Contests security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24902 · Unknown · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: RafflePress Giveaways and Contests versions 1.12.7 and earlier Description: The issue is an Authentication Bypass by Spoofing vulnerability that allows Functionality Bypass. Recommendations: For versions 1.12.7 and earlier, update to a versio...
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability
IP Restriction Bypass vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin Giveaways and Contests by RafflePress versions <= 1.12.7...
CVE-2023-4689
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...
CVE-2023-4690
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...
WordPress plugin Elementor Addon Elements security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...