13 matches found
EUVD-2026-23179
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...
EUVD-2026-1841
Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...
CVE-2026-22584
Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...
CVE-2025-31029
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through = 1.2.0...
LLaVA 资源管理错误漏洞
LLaVA is an application by Haotian Liu, an individual developer. A resource management error vulnerability exists in LLaVA v1.2.0, which stems from a file upload request being mishandled, which could lead to a denial of service...
PT-2024-14162 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...
SUSE CVE-2023-25563
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...
DEBIAN-CVE-2023-25567
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...
GSS-NTLMSSP 缓冲区错误漏洞
GSS-NTLMSSP is gssapi open source mechglue plugin that implements the NTLM authentication GSSAPI library . GSS-NTLMSSP version 1.2.0 before the buffer error vulnerability , the vulnerability stems from the application allows a length greater than 4GB of the token , an attacker can use the...
Jenkins OpenShift Deployer Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
DEBIAN-CVE-2022-30974
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...
CVE-2022-1045
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
PT-2020-18894 · Google +1 · Libprotobuf +1
Name of the Vulnerable Software and Affected Versions: Valve's Game Networking Sockets versions prior to v1.2.0 Description: The issue arises from improper handling of inlined statistics messages in the CConnectionTransportUDPBase::Received Data function, leading to an exception thrown from...