22 matches found
CVE-2026-50011
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...
PT-2026-21168
Name of the Vulnerable Software and Affected Versions: whatwouldjessedo Simple Retail Menus versions through 4.2.1. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP...
CVE-2025-40807
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
CVE-2025-40807
Gridscale X Prepay (Siemens) is affected by CVE-2025-40807 in all versions
CVE-2025-40807
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
CVE-2025-49400
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic allows Stored XSS. This issue affects WP Visitor Statistics Real Time Traffic: from n/a through 8.2...
WordPress plugin S3Player Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin WPC Smart Messages for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Side Menu Lite Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
AZL-40000 CVE-2024-31744 affecting package jasper for versions less than 4.2.1-2
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file...
Subrion CMS Security Vulnerability
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A security vulnerability exists in Subrion CMS version 4.2.1, which stems from a SQL injection vulnerability in...
WordPress Plugin Video Conferencing with Zoom Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
SUSE CVE-2004-1182
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password...
SUSE CVE-2020-20898
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts...
CVE-2022-43120
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field...
Subrion CMS Authorization Issues Vulnerability
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. An authorization issue vulnerability exists in Subrion CMS version 4.2.1. The vulnerability stems from a lack of...
HPE Network Function Virtualization Director Information Disclosure Vulnerability
HPE Network Function Virtualization Director (NFVD) is a suite of NFV orchestration solutions from Hewlett Packard Enterprise (HPE), USA. It is designed to automate the management of end-to-end services across VNFs, VNF forwarding maps, and network services (NS). An information disclosure vulnerability...
Charles Proxy Local Elevation of Privilege Vulnerability
Charles Proxy is an HTTP monitor that looks at all HTTP traffic between your computer and the Internet. A local elevation of privilege vulnerability exists in the Charles Proxy Settings suid binary in versions of Charles Proxy prior to 4.2.1. A local attacker can exploit this vulnerability to gain...
Subrion cross-site scripting vulnerability (CNVD-2018-14782)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site scripting vulnerability exists in uploads/.htaccess in Subrion CMS version 4.2.1, which stems...
CVE-2018-2607
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Gue...