67 matches found
Yeti Platform Code Injection Vulnerability
Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 contained a code injection vulnerability. This vulnerability stemmed from server-side template injection during the custom template export function, which could...
EUVD-2024-55571
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...
CVE-2024-46507
CVE-2024-46507: Yeti Platform prior to 2.1.12 contains a Server-Side Template Injection (SSTI) in the custom template export function that can lead to remote code execution on the application server. Exploitation requires valid credentials (authenticated user). Impact includes arbitrary command e...
Apache MINA Insecure Deserialization
The Apache MINA project has released versions 2.2.7 and 2.1.12 to address multiple deserialization vulnerabilities...
EUVD-2026-17367
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-3191
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
PT-2026-29225
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minify html menu options' function. This makes it possible for unauthenticated attackers to update plugin...
CVE-2026-31822
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
Authorization Bypass Through User-Controlled Key
Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...
CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
Sylius Security Vulnerability
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...
Sylius Security Vulnerability
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the lack of validation for ownership in the POST /api/v2/shop/orders/tokenValue/items endpoint. As a...
MiracleLinux 4 : mailman-2.1.12-14.AXS4.2 (AXSA:2011-73:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-73:01 advisory. Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing...
CVE-2021-41126
October is a Content Management System CMS and web platform built on the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the...
CVE-2025-66088
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through <= 2.1.12...
CVE-2025-66088 WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through <= 2.1.12...
EUVD-2025-204048
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through <= 2.1.12...
PT-2025-52197
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through <= 2.1.12...
WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin PropertyHive versions <= 2.1.12...