26 matches found
EUVD-2013-4178
Malware in sbrugna...
EUVD-2025-24741
Malicious code in bioql PyPI...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-58362
Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...
CVE-2025-30998
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: from n/a through = 4.9.6...
CVE-2025-30998
CVE-2025-30998 affects WordPress WP Links Page (versions up to 4.9.6). Root cause: improper neutralization of special elements in SQL commands, enabling SQL injection. Impact per available data: potential high confidentiality impact and low availability impact (CVSS 3.1 base 8.5). Public document...
WordPress plugin WP Links Page SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP Links...
CVE-2025-3527
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-3527
CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
WordPress ChatBot Plugin 4.8.6-4.9.6 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions 4.8.6-4.9.6 Fixed in 4.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5c671cd5cf6e Credits Huynh Tien Si Required...
GHSA-X3CQ-8F32-5F63 Apache RocketMQ may have remote code execution vulnerability when using update configuration function
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
SUSE CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...
SUSE CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...
OPENSUSE-SU-2020:1675-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: - phpMyAdmin was updated to 4.9.6 CVE-2020-26934: Fixed an XSS relating to the transformation feature boo1177561. CVE-2020-26935: Fixed an SQL injection in SearchController boo1177562...
Stored Cross-Site Scripting Vulnerability in CatFishCMS V4.9.6
CatfishCMS is an open source content management system CMS written in PHP. A stored cross-site scripting vulnerability exists in CatFishCMS V4.9.6. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...
DEBIAN-CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...
CVE-2018-18435
KioWare Server
KioWare Server Elevation of Privilege Vulnerability
KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare Server 4.9.6 and prior versions. An attacker can exploit this vulnerability by replacing the KWSService service...