4 matches found
CVE-2025-5260
Server-Side Request Forgery SSRF vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5...
CVE-2025-5260
CVE-2025-5260 is an SSRF vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online prior to version 3.1.5. The issue is triggered via server-side requests from the application, allowing an attacker to induce requests to internal or external resources. The CVE is corroborated by multiple sourc...
CVE-2023-1730
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...
DEBIAN-CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability...