9 matches found
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
Distribution 访问控制错误漏洞
Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.0 contained a access control vulnerability; this vulnerability stemmed from the possibility of restoring read access to the...
Linux Distros Unpatched Vulnerability : CVE-2019-19191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account...
PT-2023-21570 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.0.beta3 Description: The issue allows attackers to bypass Discourse's server-side request forgery SSRF protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. Recommendations: For versions...
mruby 缓冲区错误漏洞
mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in versions prior to mruby 3.1.0-rc, which stems from an untrusted pointer destructor in the function mrbvmexec, which can be exploited by an attacker to cause a segmentation error and application crash...
Gemalto Ezio Server Operating System Command Injection Vulnerability
Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...
CVE-2018-16175
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...
Facebook HipHop Virtual Machine Expected Access Restriction Bypass Vulnerability
Facebook HipHop Virtual Machine is a HipHop virtual machine developed by Facebook Inc. that significantly improves PHP performance for loading dynamic pages. Facebook HipHop Virtual Machine versions prior to 3.1.0 suffer from an Expected Access Restriction Bypass vulnerability that allows remote...