14 matches found
PT-2026-35928
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1...
CVE-2026-3211 Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...
CVE-2026-28521
CVE-2026-28521 affects arduino-TuyaOpen prior to 1.2.1, where an out-of-bounds memory read in the TuyaIoT component can be triggered by malicious DP event data issued by an attacker who hijacks or controls the Tuya cloud service. Impact is information disclosure and potential denial of service. D...
PT-2025-52574
Name of the Vulnerable Software and Affected Versions: WC Builder – WooCommerce Page Builder for WPBakery plugin versions prior to 1.2.1 Description: The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress contains a Stored Cross-Site Scripting issue. Insufficient input...
AZL-66035 CVE-2024-58266 affecting package rust for versions less than 1.86.0-3
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
Drupal Cache Utility cross-site request forgery vulnerability
Drupal Cache Utility is a tool module for the Drupal community to manage and optimize the Drupal cache. A cross-site request forgery vulnerability exists in Drupal Cache Utility versions prior to 1.2.1 that stems from cross-site request forgery...
WordPress plugin Themify Portfolio Post cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Nextcloud security vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud useroidc 1.2.1, which stems from the fact that sensitive information such as OIDC client...
CVE-2022-1044
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1...
PT-2022-18977 · Dompdf · Dompdf
Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 1.2.1 Description: The issue allows remote code execution via a .php file in the src field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file. This is general information about the issue...
GHSA-G8JJ-899Q-8X3J Cross-site scripting in json-sanitizer
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...
CppCMS Denial of Service Vulnerability
CppCMS is a free rapid web development framework written mainly in C++. The JSON parser is one of its modules. A security vulnerability exists in the JSON parser module in CppCMS versions before 1.2.1. An attacker can exploit this vulnerability to cause a denia...
QtPass Password Generation Vulnerability
QtPass is a Unix password manager with a graphical user interface maintained by the Dutch organization IJhack. A security vulnerability exists in versions of QtPass prior to 1.2.1. An attacker can exploit the vulnerability to predict and enumerate passwords...
libvirt: denial of service with keepalive
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent...