19 matches found

CBLMariner
added 2026/05/23 3:30 p.m. · 14 views

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.1 · AI score 5.8 · EPSS 0.00056
Exploits 0

EUVD
added 2026/04/08 9:31 a.m. · 3 views

EUVD-2026-20232

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Tracking: from n/a through = 3.4.3...

AI score 5.9 · EPSS 0.0004
Exploits 0 · References 2

ATTACKERKB
added 2026/04/08 8:30 a.m. · 0 views

CVE-2026-39602

Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Tracking: from n/a through = 3.4.3...

AI score 5.9 · EPSS 0.0004
Exploits 0 · References 2

RedhatCVE
added 2026/04/07 10:51 a.m. · 2 views

CVE-2026-5632

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

CVSS 7.5 · AI score 5.5 · EPSS 0.00113
Exploits 0 · References 1

RedhatCVE
added 2026/03/06 7:54 a.m. · 2 views

CVE-2026-27353

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS. This issue affects Grand News: from n/a through = 3.4.3...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits 0 · References 1

Positive Technologies
added 2025/11/10 12:0 a.m. · 2 views

PT-2025-46203

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.2.0 through 3.2.4; OpenEXR versions 3.3.0 through 3.3.5; OpenEXR versions 3.4.0 through 3.4.2. Description: OpenEXR is an image storage format used in the motion picture industry. A use-after-free condition exists in the PyObjec...

CVSS 7.8 · AI score 7.1 · EPSS 0.0013
Exploits 3 · References 16

Vulnrichment
added 2025/09/22 6:23 p.m. · 1 views

CVE-2025-58027 WordPress NGG Smart Image Search Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS. This issue affects NGG Smart Image Search: from n/a through <= 3.4.3...

CVSS 6.5 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 1

OSV
added 2025/08/22 3:33 p.m. · 3 views

GHSA-GJ8W-FFQ9-6828 JeecgBoot SQL Injection Vulnerability

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...

CVSS 6.5 · AI score 8.2 · EPSS 0.00078
Exploits 1 · References 5

Github Security Blog
added 2025/08/22 3:33 p.m. · 5 views

JeecgBoot SQL Injection Vulnerability

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...

CVSS 6.5 · AI score 8.2 · EPSS 0.00078
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/08/22 12:0 a.m. · 4 views

PT-2025-34368 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions 3.4.3 through 3.8.0 Description: JeecgBoot versions 3.4.3 through 3.8.0 contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint. This vulnerability allows bypassing SQL blacklist...

CVSS 6.5 · AI score 8.1 · EPSS 0.00078
Exploits 1 · References 9

CVE
added 2025/08/22 12:0 a.m. · 15 views

CVE-2025-51825

CVE-2025-51825 applies to JeecgBoot versions 3.4.3 through 3.8.0. A SQL injection vulnerability exists in the endpoint /jeecg-boot/online/cgreport/head/parseSql that allows bypassing SQL blacklist restrictions. The incident is documented across multiple feeds (NVD, Red Hat, GHSA, osv, etc.). Impa...

CVSS 6.5 · AI score 7.5 · EPSS 0.00078
Exploits 1 · References 2 · Affected Software 1

RedhatCVE
added 2025/05/02 3:15 p.m. · 5 views

CVE-2025-32376

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

CVSS 4.8 · AI score 6.6 · EPSS 0.00209
Exploits 0 · References 1

Positive Technologies
added 2025/04/04 12:0 a.m. · 2 views

PT-2025-15001 · Woocommerce · Cleverreach Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Official CleverReach Plugin for WooCommerce versions 3.4.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions 3.4.3 and earlier,...

CVSS 6.5 · AI score 6.9 · EPSS 0.00227
Exploits 0 · References 3

OSV
added 2024/03/09 7:15 a.m. · 2 views

CVE-2024-1320

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 7.4
Exploits 0 · References 2

OSV
added 2023/05/22 9:15 a.m. · 3 views

CVE-2023-23813

Cross-Site Request Forgery CSRF vulnerability in Joseph C Dolson My Calendar plugin = 3.4.3 versions...

CVSS 8.8 · AI score 7.3 · EPSS 0.00104
Exploits 0 · References 1

Prion
added 2021/12/20 9:15 p.m. · 16 views

Design/Logic Flaw

Adobe Dimension versions 3.4.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

CVSS 4.3 · AI score 3.6 · EPSS 0.01748
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2020/01/19 12:0 a.m. · 1 views

UHP UHP-100 Cross-Site Scripting Vulnerability

The UHP-100 is a high-performance router designed for large-scale deployment in broadband VSAT networks. A cross-site scripting vulnerability exists in the UHP UHP-100 versions 3.4.1.15, 3.4.2.4, and 3.4.3. The vulnerability stems from the lack of proper validation of client-side data by the WEB...

CVSS 6.1 · AI score 6.4 · EPSS 0.00328
Exploits 1 · References 1

vulnersOsv
added 2019/05/14 4:2 a.m. · 1 views

iopa-mqtt (>=0.2.0 <=1.3.3), iopa-mqtt-packet (>=0.2.16 <=1.3.7) +4 more potentially affected by CVE-2019-5432 via mqtt-packet (>=2.0.1 <=3.4.3)

mqtt-packet NPM version =2.0.1, =0.2.0, =0.2.16, =1.0.0, =1.0.0-pre.1, =1.0.0, =1.0.3 - mqtt-stack =0.0.2 Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

CVSS 7.5 · AI score 7.1 · EPSS 0.00544
Exploits 1

NVD
added 2018/11/13 7:29 p.m. · 17 views

CVE-2018-14655

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon successfully login...

CVSS 5.4 · AI score 4.9 · EPSS 0.0022
Exploits 0 · References 4