23 matches found
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
EUVD-2019-1032
Malware in sbrugna...
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform Analysis for OLAP, versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...
CVE-2025-25165
CVE-2025-25165 affects WordPress Staff Directory Plugin: Company Directory (versions up to 4.3). Vulnerability: Stored XSS due to improper neutralization of input during web page generation. Impact/conditions: the issue is a cross-site scripting vulnerability described in multiple sources; the CV...
PT-2024-28543 · Dell · Dell Appsync Server
Name of the Vulnerable Software and Affected Versions: Dell AppSync Server versions 4.3 through 4.6. Description: The issue is related to an XML External Entity Injection, which could be exploited by an adjacent high privileged attacker, potentially leading to information disclosure...
PT-2024-22172 · WordPress · Dsgvo All In One For Wp
Name of the Vulnerable Software and Affected Versions: DSGVO All in one for WP versions n/a through 4.3. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. Recommendations:...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 4.3, 4.2 through 4.2.3, which stems from a cross-site scripting...
CVE-2023-25475
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin = 4.3 versions...
PT-2023-12227 · Plone Cms · Plone Cms
Name of the Vulnerable Software and Affected Versions: Plone CMS versions 4.3.3 through 4.3.20, 5.0 through 5.0.10, 5.1 through 5.1.7, 5.2.0 through 5.2.4. Description: An issue in Plone CMS allows an attacker to access sensitive information via the RSS feed portlet. Recommendations: For Plone CMS...
SUSE CVE-2015-7701
Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)...
SUSE CVE-2016-2519
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctlgetitem function to return a NULL value...
DEBIAN-CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
CVE-2022-21400
Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
PT-2020-16230 · Powerdns +1 · Powerdns Recursor +1
Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.1.x through 4.1.17; PowerDNS Recursor versions 4.2.x through 4.2.4; PowerDNS Recursor versions 4.3.x through 4.3.4. Description: A remote attacker can cause the cached records for a given name to be updated to the...
PYSEC-2020-90
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission...
PT-2019-15961 · Cyxtera · Cyxtera Appgate Sdp Client
Name of the Vulnerable Software and Affected Versions: Cyxtera AppGate SDP Client versions 4.1.x through 4.3.x before 4.3.2. Description: A local or remote user from the same domain can gain privileges in the affected software. Recommendations: For versions 4.1.x through 4.3.x before 4.3.2, update...
DEBIAN-CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...
Pivotal Spring Framework Cross Domain Request Vulnerability
Pivotal Spring Framework is an open source Java and Java EE application framework from the United States company Pivotal Software. The framework helps developers build high-quality applications. A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.7, 4.3.x prior to 4.3.1...
phpMyAdmin Security Bypass Vulnerability (Nov 2015) - Windows
phpMyAdmin is prone to a reCaptcha bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
PT-2015-7382
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.3.x through 4.3.13.1; phpMyAdmin versions 4.4.x through 4.4.14.0. Description: The issue allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a...