18 matches found
Drupal Date iCal Security Vulnerability
Drupal Date iCal is a Drupal calendar export module developed by the Drupal company. Versions of Drupal Date iCal prior to 4.0.15 contained security vulnerabilities, which were due to lack of authorization and could lead to forced browsing...
CVE-2025-68951
phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...
CVE-2025-68951
phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...
EUVD-2025-35551
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15...
CVE-2025-49899
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15...
PT-2025-43171
Name of the Vulnerable Software and Affected Versions: Whydonate versions through 4.0.15 Description: A missing authorization flaw exists in Whydonate, potentially allowing access to functionality that should be restricted by Access Control Lists (ACLs). This could allow unauthorized access to certai...
EUVD-2024-35067
Malicious code in bioql (PyPI)...
CVE-2025-26768
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS. This issue affects what3words Address Field: from n/a through <= 4.0.15...
CVE-2025-26768
CVE-2025-26768 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin what3words Address Field (versions up to 4.0.15). The issue allows stored cross-site scripting via CSRF, affecting the plugin’s Address Field from “n/a through 4.0.15.” The associated CVSS 3.1 base score is 7.1 (HIGH): v...
WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin what3words Address Field versions <= 4.0.15...
PYSEC-2024-290
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
PYSEC-2024-99
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...
OpenSlides Security Vulnerability
OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...
PT-2024-19601 · Unknown · Openslides
Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15 Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...
CVE-2023-26859
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component...
PT-2023-20829 · Prestashop · Prestashop Sendinblue
Name of the Vulnerable Software and Affected Versions: PrestaShop sendinblue versions 4.0.15 and earlier Description: A SQL injection issue allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. Recommendations: For PrestaShop sendinblue versions 4.0.15 and earlier,...
Fedora 28 : php-symfony4 (2018-6edf04d9d6)
Version 4.0.15 (2018-12-06) - security CVE-2018-19790 [Security\Http] detect bad redirect targets using backslashes (@xabbuh) - security CVE-2018-19789 [Form] Filter file uploads out of regular form types (@nicolas-grekas) Note that Tenable Network Security has extracted the preceding description block...
LiteSpeed < 4.0.15 Information Disclosure Vulnerability - Active Check
LiteSpeed Web Server is prone to a vulnerability that lets attackers access source code files. Copyright (C) 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...