17 matches found
CVE-2026-44066 Heap out-of-bounds reads in Spotlight RPC unmarshalling
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
Fiber 跨站脚本漏洞
Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...
CVE-2025-67545
CVE-2025-67545 is a Stored XSS in the WordPress FireBox plugin (FireBox
CVE-2025-11452
The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$COOKIE'asgarosforumunreadexclude'' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
PT-2025-36459
CVE ID: CVE-2025-0002 Published: 2025-02-10T00:00:00.000Z Severity: CRITICAL 9.1/10 Description Remote code execution vulnerability in Cloud Management Console v3.1.0 and earlier allows authenticated administrators to execute arbitrary commands on the underlying host. Root Cause Improper input...
PT-2024-12330 · Webcodin · Webcodin Wcp Contact Form
Name of the Vulnerable Software and Affected Versions: Webcodin WCP Contact Form versions 3.1.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Webcodin WCP...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.2) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
WordPress Fathom Analytics Plugin < 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Fathom Analytics Type Plugin Vulnerable versions 3.1.0 Fixed in 3.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 30f046c6503f Credits WordFence Required privilege...
CVE-2023-41847
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WEN Solutions Notice Bar plugin = 3.1.0 versions...
co.fs2:fs2-protocols_sjs1_3 (>=3.1-2-8dabe12 <=3.2.10), com.armanbilge:feral-lambda-api-gateway-proxy-http4s_sjs1_3 (>=0.1-2f94f32 <=0.1-f497734) +27 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_sjs1_3 (>=3.1.0 <=3.2-10-421c242)
co.fs2:fs2-iosjs13 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.1-2f94f32, =0.1-2f94f32, =0.1-9d346fe, =0.1-9d346fe, =0.1-9d346fe, =0.0-ba9ae1f, =0.4.1, =0.18.3, =0.1.0, =6.3.0, =0.23.5, =0.23.5, =0.23.5, =1.0.0-M29 and more Source cves: CVE-2022-31183 Source advisory: OSV:GHSA-2CPX-6PQP-WF35...
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +1253 more potentially affected by CVE-2016-8739 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.8)
org.apache.cxf:cxf-core MAVEN version =3.1.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =2.6.3, =1.2.18, =5.0.0, =6.0.1 - com.bilalalp:cxfclientlogger =1.0 - com.bilalalp:cxflogger =1.0 and more Source cves: CVE-2016-8739 Source advisory:...
RiteCMS 代码问题漏洞
RiteCMS is a web CMS. RiteCMS 3.1.0 and earlier contain an arbitrary file upload vulnerability that allows an authenticated attacker to upload PHP files and bypass the .htacess configuration to execute .php files in the media and files directories for remote command execution...
PT-2021-14676 · Jenkins · Jenkins Owasp Dependency-Track Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue arises...
aether-sdk (>=1.3.4 <=1.3.8), apis-bibsonomy (>=0.2.0 <=0.3.0) +227 more potentially affected by CVE-2021-23336 via django (>=3.1.0 <=3.1.6)
django PYPI version =3.1.0, =1.3.4, =0.2.0, =0.16.12, =0.8.8, =0.5.0, =0.1.0, =1.0.0b3, =0.0.1, =2.11.0, =0.0.32, =0.0.38, =0.0.39 and more Source cves: CVE-2021-23336 Source advisory: SNYK:PYTHON-DJANGO-1076802...
activedirectoryenum (>=0.4.7 <=0.5.0), airflow-run (=0.4.9) +215 more potentially affected by CVE-2020-36242 via cryptography (>=3.1.0 <=3.3.1)
cryptography PYPI version =3.1.0, =0.4.7, =0.117.0b0, =0.8.0, =2.0.1, =8.0.1, =0.0.3, =0.9.1, =0.11.0 - azureml-accel-models =1.23.0 - azureml-cli-common =1.23.0 - azureml-contrib-fairness =1.23.0 - azureml-contrib-functions =1.23.0 - azureml-contrib-gbdt =1.23.0 - azureml-contrib-interpret =1.23...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability
Red Hat JBoss RichFaces is the United States Red Hat Red Hat, Inc. of an open source JSF JavaServer Faces component library . The library provides built-in JavaScript and Ajax functionality . A security vulnerability exists in Red Hat JBoss RichFaces versions 3.1.0 through 3.3.4. A remote attacke...
Squid Denial of Service Vulnerability (CNVD-2016-01997)
Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid versions 3.1.0 through 3.5.15 and 4.0 through...