11 matches found
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
Selea CarPlateServer 访问控制错误漏洞
Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...
CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single...
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
corydolphin/flask-cors version 5.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
Apache Hive Incorrectly Assigns Permissions for a Critical Resource
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to...
IBM Aspera Orchestrator 安全漏洞
IBM Aspera Orchestrator is a Web-based application from International Business Machines IBM, Inc. It can provide data-driven organizations with an efficient document processing pipeline. An HTTP header injection vulnerability exists in IBM Aspera Orchestrator version 4.0.1, which can be exploited...
PT-2023-21919
Name of the Vulnerable Software and Affected Versions Apache Airflow Spark Provider versions prior to 4.0.1 Description The issue is related to improper input validation in the Apache Airflow Spark Provider. This allows the host and schema of JDBC Hook to contain / and ?, which can be used to...
CVE-2022-36356
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin = 4.0.1 at WordPress...
PT-2019-13238 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue is a heap-based buffer over-read in the JBIG2Stream::readTextRegionSeg function, which can be triggered by sending a crafted PDF document to the pdftoppm tool. This might allow an attacker to cause...
phaos-disclose.txt
Remote File Disclosure Vulnerability in showSource.php phaos4.0.1 MY HOmE : WWW.PAL-HACkEr.COM WWW.ATSDP.COM AUTHOR : HaCkeREgY My HoMe : www.PaL-HaCker.com & www.ATSDP.com ConTacT : [email protected] ----------------------------------------------- script: phaos4.0.1...