9 matches found
CVE-2026-33417
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
CVE-2026-25442 WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through = 4.7.2...
EUVD-2026-4942
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
PT-2026-5367
Name of the Vulnerable Software and Affected Versions Runtipi versions 4.5.0 through 4.7.1 Description Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...
WordPress plugin WP Maps 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2020-20913
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basictitle parameter...
PT-2022-23021 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.7.2 Description: The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version v4.7.2, which stems from the fact that this is a library for secure smart contract development, and that contracts using Arbitrum L2's...
tcpdump: force printer vulnerability
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...