4 matches found
CVE-2025-48878 Combodo iTop vulnerable to IDOR with ModuleInstallation object
Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...
PT-2024-30368 · Apache · Apache Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 3.2.2 Description: A critical issue has been identified in Apache DolphinScheduler, allowing hackers to execute remote code. This poses a significant security risk. The issue affects versions prior to...
PT-2024-13605 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.2 and prior Description: The issue allows a local attacker to cause a multimedia player crash by modifying a released pointer. Recommendations: For OpenHarmony versions 3.2.2 and prior, at the moment, there is no...
GitBook online reader cross-site scripting vulnerability
GitBook is a command-line tool for publishing and hosting books online. online reader is one of the online reading modules. A cross-site scripting vulnerability exists in the online reader in GitBook versions prior to 3.2.2, which stems from the program failing to properly filter user input. A...