20 matches found
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...
Gravitl Netmaker 数据伪造问题漏洞
Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained a data...
CVE-2026-3532
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3532 OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531 OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3531
CVE-2026-3531 affects Drupal OpenID Connect / OAuth client prior to 1.5.0. The root cause is an authentication bypass via an alternate path or channel, enabling unauthorized access to resources protected by authentication. Public descriptions from Red Hat, ENISA/EUVD, NVD/NVD, CVE lists and the D...
CVE-2026-24034
Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...
CVE-2025-62527
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...
CVE-2025-52931
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body...
CVE-2025-44001 Unauthorized Channel Subscription Read in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...
PT-2025-32579 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the...
CVE-2023-2103
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-1269
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2018-8728
server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /codecode= in a URI...
CVE-2022-1397
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. display Post Metadata plugin is a WordPress open source application plugin. WordPress Display Post Metadata plugin ...
CVE-2020-35122
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection...
LiteSpeed OpenLiteSpeed Buffer Overflow Vulnerability
LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A buffer overflow vulnerability exists in versions prior to LiteSpeed OpenLiteSpeed 1.5.0 RC6, which can be exploited by a local attacker to cause a denial of service by creating a symbolic link...
Jumio SDK for Android Arbitrary Code Execution Vulnerability
Jumio SDK for Android is a software development kit for building authentication applications using biometrics based on the Android platform. A security vulnerability exists in versions of Jumio SDK for Android prior to 1.5.0. The vulnerability can be exploited to execute arbitrary code via the...
Kontena server/app/views/static/code.html page cross-site scripting vulnerability
Kontena is a suite of open source microservices platforms capable of running applications as containers. The 'kontena master login --remote' code on the server/app/views/static/code.html page in Kontena versions prior to 1.5.0 indicates a cross-site scripting vulnerability. A remote attacker coul...