10 matches found
CVE-2026-44668
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...
Faction Security Vulnerability
Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...
CVE-2026-23483
Blinko is an AI-powered card note-taking project. In versions 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to a Stored XSS issue when an attacker makes a logged-in admin open a malicious URL or page under their control...
PYSEC-2022-283
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3...
OctoPrint Security Vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in versions prior to OctoPrint 1.8.3 that stems from incorrect privilege management...
VulnCheck KEV: CVE-2021-24186
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...
DEBIAN-CVE-2015-6748
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3...
CVE-2016-4827
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826...
CVE-2016-4826
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827...