19 matches found
CVE-2026-27613
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
WordPress plugin WP-ClanWars has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-64524 CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...
PT-2025-46241
Name of the Vulnerable Software and Affected Versions Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress versions prior to 2.0.1 Description The Double the Donation plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin...
EUVD-2025-28694
Malicious code in bioql PyPI...
node-ip 代码问题漏洞
node-ip is a node.js module by indutny individual developer. A code issue vulnerability exists in node-ip version 2.0.1 and earlier, which stems from IP address 017700000001 being misclassified as globally routable, which could lead to server-side request forgery...
CVE-2024-10946
A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE=batchXSL=editLIBCODE.xsl==. The...
CVE-2023-45829
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin = 2.0.1 versions...
CVE-2025-47815
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflateread called indirectly from zipmemberreadall in zip-reader.c...
CVE-2025-23587 WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound all-in-one-box-login allows Reflected XSS. This issue affects all-in-one-box-login: from n/a through 2.0.1...
Reedos aiM-Star 安全漏洞
Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1 that originates from the transmission of sensitive information in plain text in certain API endpoints, resulting in the exposure of sensitive informatio...
PYSEC-2023-178
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2020-36130
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1dxiface.c...
AppCMS Arbitrary File Deletion Vulnerability (CNVD-2021-40850)
AppCMS is a content management system CMS for mobile application downloads. A security vulnerability exists in AppCMS version 2.0.101, which can be exploited by an attacker to delete arbitrary files on the site...
CVE-2020-11831
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1...
CVE-2020-10674
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
PHP Scripts Mall Chartered Accountant:Auditor Website Cross-Site Request Forgery Vulnerability
PHP Scripts Mall Chartered Accountant:Auditor Website is a financial auditing website system script by PHP Scripts Mall India. The system includes features such as profile management, feedback management, order management and document upload management. A cross-site request forgery vulnerability...
Circle with Disney Remote Code Execution Vulnerability (CNVD-2017-33180)
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A remote code execution vulnerability exists in the database update feature in Circle with Disney version 2.0.1. The vulnerability can b...
Denny's App for Android. contains an issue where it fails to verify SSL server certificates
Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...