8 matches found
CVE-2026-33942
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowedclasses = true. An attacker who can control the serialized...
CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
Engine.IO 安全漏洞
Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer.A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle...
PT-2022-17352 · WordPress · Enable Media Replace
Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.0.0 Description: The issue allows high privilege users, such as admins, to potentially move files outside the Upload folder to the web root directory via a path traversal attack...
npm markdown-link-extractor 安全漏洞
npm markdown-link-extractor is used to extract links from Markdown text. npm markdown-link-extractor versions prior to 3.0.2 and 4.0.0 contain a denial of service vulnerability that stems from not properly handling incoming error messages, which could be exploited by an attacker to cause a denial...
Mattermost Server vulnerable to XSS via an uploaded file
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file...
Juniper Contrail Service Orchestration Hard-Coded Credentials Vulnerability (CNVD-2019-19205)
Juniper Contrail Service Orchestration CSO is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. A hard-coded credentials vulnerability exists in Juniper CSO versions prior to 4.0.0. The vulnerability stems from the fact...
PT-2006-1134 · Crawl · Crawl
Name of the Vulnerable Software and Affected Versions: crawl versions prior to 4.0.0 Description: The issue allows local users to gain privileges due to insecure calls to programs when saving and loading games. Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to...