13 matches found
Horilla Security Vulnerability
Horilla is a free and open source human resources software from Horilla Inc. A security vulnerability exists in Horilla versions prior to 1.4.0, which stems from the presence of stored cross-site scripting in the ticket comment editor that could cause a low-privileged user to execute arbitrary...
Horilla Code Issue Vulnerability
Horilla is a free and open source HR software from Horilla Inc. A code issue vulnerability exists in Horilla versions prior to 1.4.0 that stems from a file upload process that performs only browser-side validation without implementing server-side checks, which could lead to stored cross-site...
CVE-2025-45424
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...
CVE-2025-4681
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse. This issue affects upKeeper Instant Privilege Access: before 1.4.0...
CVE-2025-4680
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0...
upKeeper Instant Privilege Access Security Vulnerability
upKeeper Instant Privilege Access is a privilege management system from the Swedish company upKeeper. A security vulnerability exists in upKeeper Instant Privilege Access versions prior to 1.4.0, which stems from improper input validation and could lead to an access control misconfiguration...
WordPress Themes Coder plugin < 1.4.0 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Themes Coder versions 1.4.0...
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
PrivateBin Cross-Site Scripting Vulnerability
PrivateBin is a minimalist open source online pastebin. PrivateBin versions prior to 1.4.0 have a cross-site scripting vulnerability that stems from the fact that SVG can contain JavaScript. Attackers can use this vulnerability to execute code...
Synology MailPlus Server Disclaimer Cross-Site Scripting Vulnerability
Synology MailPlus Server is an email service suite from Synology. The product supports managing user accounts, email records, etc. Disclaimer is one of the disclaimer modules. A cross-site scripting vulnerability exists in Disclaimer in Synology MailPlus Server versions prior to 1.4.0-0415. A...
PT-2016-6204
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 1.4.0. Description: The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...
Citrix Linux Virtual Delivery Agent Local Privilege Vulnerability
Citrix Linux Virtual Delivery Agent formerly known as Linux Virtual Desktop is a suite of virtual desktop software from Citrix Systems. A local elevation of privilege vulnerability exists in Citrix Linux Virtual Delivery Agent versions prior to 1.4.0. A local attacker could exploit this...
Path Traversal Vulnerability in Joomla! Helpdesk Pro Plugin
Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. A path traversal vulnerabilit...