9 matches found
GHSA-44F4-GVWJ-6QG3 Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...
EUVD-2017-9633
Malware in sbrugna...
CVE-2025-31692
CVE-2025-31692 : Drupal AI (Artificial Intelligence) module is affected by an OS command injection vulnerability in versions 0.0.0 through 1.0.4 due to improper neutralization of special elements in commands. Exploitation could allow an attacker to execute arbitrary OS commands. Affected componen...
WordPress plugin Weaver Themes Shortcode Compatibility 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
PT-2025-5083 · Unknown · Gdpr Personal Data Reports
Name of the Vulnerable Software and Affected Versions: GDPR Personal Data Reports versions n/a through 1.0.5 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS attacks. Recommendations:...
PT-2023-27306 · Unknown · Social Media Skeleton
Name of the Vulnerable Software and Affected Versions: Social media skeleton versions prior to 1.0.5 Description: Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue...
CVE-2023-1134
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges...
CVE-2023-1139
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...
go-jose CBC-HMAC Integer Overflow Vulnerability
go-jose is a standard method for implementing JavaScript object signing and encryption . An integer overflow vulnerability exists in 32-bit architectures in versions of go-jose prior to 1.0.5. An attacker could exploit this vulnerability to bypass authentication...