16 matches found
RCE (Remote Code Execution) at c3p0 dependency in Crucible Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H code allows an...
WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability
Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...
CVE-2026-1320
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...
ZITADEL security vulnerabilities
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. Versions of ZITADEL prior to 4.9.1 and 3.4.6 contain security vulnerabilities. These vulnerabilities stem from...
CVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...
EUVD-2025-34744
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...
WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Webula in WordPress Plugin Newsletters versions = 4.9.9.7...
Wazuh Unsafe Deserialization / Remote Code Execution
Wazuh versions starting at 4.4.0 and before 4.9.1 suffer from an unsafe deserialization vulnerability that allows for remote code execution...
WordPress plugin Easy Accept Payments via PayPal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...
Xen Security Vulnerabilities
A security vulnerability exists in Xen 4.9 through 4.14.x that allows client-controlled memory access to bypass the cache...
Samba Code Problem Vulnerability
Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A code issue vulnerability...
CVE-2016-0207
IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...
Xen 'Hypervisor' Memory Corruption Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A memory corruption vulnerability...
Xen Arbitrary Code Execution Vulnerability (CNVD-2017-32695)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...
CVE-2017-1155
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference : 1999754...