14 matches found
CVE-2026-7700
Langflow-ai Langflow up to v1.8.4 is affected by a code injection in the LambdaFilterComponent’s eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p). The underlying issue is unsafe evaluation of input, enabling remote exploitation. The CVE indicates the attack can be perform...
CVE-2018-25263
Faleemi Desktop Software 1.8.2 contains a local buffer overflow in the Device alias field of the Managing Log interface that allows an attacker with local access to trigger a structured exception handler (SEH) overwrite and execute arbitrary code (PoC shows calculator). The vulnerability is trigg...
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
CVE-2025-58948
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue affects Aromatica: from n/a through = 1.8...
CVE-2025-14245
IdeaCMS up to version 1.8 contains a SQL injection vulnerability in the whereRaw usage of Coupon.php (app/common/logic/index/Coupon.php). The root cause is improper manipulation of the params argument, enabling remote attacker input to influence SQL queries. Multiple security feeds (NVD, Red Hat,...
PT-2025-54: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...
CVE-2020-26041
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php...
CVE-2025-32180 WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through = 1.1.0...
PT-2024-13396
Name of the Vulnerable Software and Affected Versions PyPXE version 1.8.4 Description The issue allows a remote attacker to cause a denial of service via the handle function in the tftp module. Recommendations For PyPXE version 1.8.4, consider disabling the handle function in the tftp module as a...
PT-2023-25234 · Gz Scripts · Gz Multi Hotel Booking System
Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ Multi Hotel Booking System version 1.8 Description: A vulnerability was found in the GZ Multi Hotel Booking System. It has been classified as problematic. The issue affects an unknown function of the file /index.php. The...
Deno 安全漏洞
Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno 1.8.0 and earlier versions that exploits a vulnerability that allows a malicious program to clear the first two lines of the...
Dell Hybrid Client 安全漏洞
Dell Hybrid Client is a software application from Dell USA Inc. It provides a client computing software with hybrid cloud management capabilities. A security vulnerability previously existed in Dell Hybrid Client version 1.8, which stemmed from the inclusion of a Zip Bomb vulnerability in the UI....
SUSE-SU-2019:0061-1 Security update for haproxy
This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dnsvalidatednsresponse, which allowed for memory disclosure bsc1119368 - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack...
CVE-2017-10831
Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...