11 matches found
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
Cursor Code Issue Vulnerability
Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...
Apache Pinot Security Vulnerability
Apache Pinot is a real-time distributed OLAP data store from the Apache Software Foundation. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot versions prior to 1.3 that stems from an authentication bypass issue that allows unauthorized users to add...
PT-2024-34726 · Unknown · Kento Ads Rotator
Name of the Vulnerable Software and Affected Versions: Kento Ads Rotator versions prior to 1.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This flaw allows Stored XSS, which can be used to inject malicio...
FlatPress Cross-Site Scripting Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3, which stems from not properly cleaning data entries, allowing the insertion of HTML or JavaScript code...
FlatPress Cross-Site Scripting Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
PT-2023-16633 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: flatpress versions prior to 1.3. Description: The issue is related to Path Traversal in the GitHub repository flatpressblog/flatpress. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the issue...
FlatPress Path Traversal Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A path traversal vulnerability exists in FlatPress versions prior to 1.3, which can be exploited by an attacker to perform path traversal...
Akashi Input Validation Error Vulnerability
Akashi is an Attorney Online 2 C++ server open-sourced by Attorney Online. Versions of Akashi prior to 1.3 suffer from an Input Validation Error vulnerability that stems from an attacker being able to make illegal modifications using a specially crafted evidence package, causing the server to cra...
Microweber Authorization Issue Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An email bombing vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from a failure to ra...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...