8 matches found
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...
CVE-2026-39348
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...
CVE-2026-3419
Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1https://httpwg.org/specs/rfc9110.htmlfield.content-type. For example, a request sent with Content-Type: application/json garbage passes validation and ...
CVE-2023-3779
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...
GHSA-H2PM-378C-PCXX Path traversal vulnerability in gatsby-plugin-sharp
Impact The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...
DEBIAN-CVE-2022-35948
undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...
PT-2021-4505 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...
CVE-2019-17330
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting XSS attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO...