56 matches found
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...
CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...
EUVD-2026-14239
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...
EUVD-2026-13931
A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...
PbootCMS SQL注入漏洞
PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Username in the checkUsername function within the...
OPENSUSE-SU-2026:20290-1 Security update for haproxy
This update for haproxy fixes the following issues: - Update to version 3.2.12+git0.6011f448e - CVE-2026-26081: Fixed a DOS vulnerability in QUIC. bsc1257976 - CVE-2026-26080: Fixed a DOS vulnerability in QUIC. bsc1257976...
CVE-2025-12122 Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-12122
CVE-2025-12122 concerns the WordPress plugin “Popup Box – Easily Create WordPress Popups” where a Stored Cross-Site Scripting (XSS) vulnerability exists via the plugin’s iframeBox shortcode. The issue affects all versions up to and including 3.2.12 and stems from insufficient input sanitization a...
WordPress Popup Box - Easily Create WordPress Popups plugin <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Popup Box - Easily Create WordPress Popups plugin = 3.2.12 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Popup Box versions = 3.2.12...
Centova Cast 安全漏洞
Centova Cast is an internet-based broadcast streaming media management control panel developed by Centova Corporation in Canada. Version 3.2.12 of Centova Cast contains a security vulnerability. This vulnerability stems from the repeated invocation of the database export API endpoint, which could...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000164)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000164 advisory. An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could resu...
CVE-2025-15153 PbootCMS SQLite Database pbootcms.db file access
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...
EUVD-2025-202312
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...
CVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...
CVE-2025-11531 HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...
CVE-2025-11531 HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...
CVE-2025-11531
The CVE describes a vulnerability in HP System Event Utility and HP Omen Gaming Hub where certain files could be executed outside restricted paths, potentially enabling arbitrary code execution. Affected software: HP System Event Utility versions before 3.2.12 and Omen Gaming Hub versions before ...
PT-2025-50208
Name of the Vulnerable Software and Affected Versions HP System Event Utility versions prior to 3.2.12 Omen Gaming Hub versions prior to 1101.2511.101.0 Description The HP System Event Utility and Omen Gaming Hub software may permit the execution of files outside of designated restricted paths...
EUVD-2025-3986
Malicious code in bioql PyPI...
CVE-2024-6687
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...