14 matches found
Fortinet FortiSwitchAXFixed 访问控制错误漏洞
The Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There was an access control vulnerability in the Fortinet FortiSwitchAXFixed version 1.0.0 to 1.0.1. This vulnerability stemmed from improper access control, allowing authenticated administrator...
MediaCrush 安全漏洞
MediaCrush is a media hosting and sharing platform from the Israeli company MediaCrush. A security vulnerability exists in MediaCrush versions 1.0.0 and 1.0.1, which stems from the incorrect manipulation of the parameter Host in the file /mediacrush/paths.py, which could lead to improper...
Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the markdown-it package (CVE-2025-7969)
Summary Markdown-it is used by Astronomer with IBM as part of markdown parsing functionality. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting...
Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)
Summary Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
CVE-2025-31677 AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003
Cross-Site Request Forgery CSRF vulnerability in Drupal AI Artificial Intelligence allows Cross Site Request Forgery.This issue affects AI Artificial Intelligence: from 1.0.0 before 1.0.2...
PT-2024-34719 · WordPress · Wpza Amp Img Shortcode
Name of the Vulnerable Software and Affected Versions: WPZA AMP Img Shortcode versions 1.0.0 through 1.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker...
PT-2025-2610 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1 Description: The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using man-in-the-middle techniques...
PT-2024-37506 · Unknown · Lahirudanushka School Management System
Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue has been found in the lahirudanushka School Management System, affecting an unknown functionality of the file subject.php of the component...
PT-2024-37503 · Unknown · Lahirudanushka School Management System
Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue was found in the lahirudanushka School Management System, affecting the Parent Page component, specifically the file parent.php. The manipulati...
PT-2023-10272 · WordPress · Mark User As Spammer Plugin
Name of the Vulnerable Software and Affected Versions: Mark User as Spammer Plugin versions 1.0.0 through 1.0.1 Description: A vulnerability was found in the Mark User as Spammer Plugin. It affects the user row actions function of the file plugin/plugin.php. The manipulation of the url argument...
Unspecified vulnerability in deep-override
deep-override is a software application. Provides a recursive object extension and override. A security vulnerability exists in deep-override versions 1.0.0 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
PT-2021-16868 · Unknown · Deep-Override
Name of the Vulnerable Software and Affected Versions: deep-override versions 1.0.0 through 1.0.1 Description: The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. Recommendations: For deep-override versions...
PT-2021-16846 · Unknown · Patchmerge
Name of the Vulnerable Software and Affected Versions: patchmerge versions 1.0.0 through 1.0.1 Description: The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. Recommendations: For patchmerge versions 1.0.0...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-12300 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-12300 Source advisory: OSV:PYSEC-2019-6...