12 matches found
OrientDB 跨站脚本漏洞
OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the name parameter, which may lead to storage-based cross-site scripting attacks...
OrientDB 跨站脚本漏洞
OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...
OrientDB 跨站请求伪造漏洞
OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a vulnerability related to cross-site request forgeing. This vulnerability stems from the lack of token verification at endpoints, which may lead to cross-site request forgeing attac...
PT-2026-21318
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2025-54870
VTun-ng (virtual tunnel over TCP/IP) contains a vulnerability in versions 3.0.17 and earlier where failure to initialize encryption modules can cause a fallback to plaintext due to insufficient error handling. The issue was introduced in 3.0.12 and fixed in 3.0.18. Remediation: upgrade to 3.0.18 ...
VTun-ng 安全漏洞
vtun-ng is an application by Jan-Espen Oversand Individual Developer. A security vulnerability exists in VTun-ng 3.0.17 and earlier versions, which stems from a failure in the initialization of the cryptographic module that could lead to a plaintext transfer...
org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)
org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...
WordPress Order Tracking plugin <= 3.0.16 - Authenticated Arbitrary Plugin Settings Update vulnerability
Authenticated Arbitrary Plugin Settings Update vulnerability discovered in WordPress Order Tracking plugin versions = 3.0.16. Solution Update the WordPress Order Tracking plugin to the latest available version at least 3.0.17...
Unspecified Vulnerability in CloudBees Jenkins Aqua Security Scanner Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Aqua Security Scanner Plugin is used in one o...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities
The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...
Linux Kernel IGMP Remote DoS Vulnerability
The Linux Kernel is prone to a remote denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...