10 matches found
CVE-2026-44073
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...
EUVD-2026-31236
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...
CVE-2026-32622
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...
VulnCheck KEV: CVE-2026-21891
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
WordPress plugin Hyyan WooCommerce Polylang Integration has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-63032
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thinkupthemes Consulting consulting allows Stored XSS.This issue affects Consulting: from n/a through = 1.5.0...
CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
PT-2025-5911 · WordPress · Thunderbax Wp Admin Custom Page
Name of the Vulnerable Software and Affected Versions: thunderbax WP Admin Custom Page versions 1.5.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in thunderbax WP Admin Custom Page. Recommendations: For versions 1.5.0 and earlier,...
pkgconf buffer overflow vulnerability
pkgconf is an application that configures compilers for development frameworks. A buffer overflow vulnerability exists in the 'dequote' function in pkgconf versions 1.5.0 through 1.5.2. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service with the help...
Atlassian Crowd crowd-application plugin module user forgery vulnerability
Atlassian Crowd is a web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other functions for multiple users, web applications and directory servers. crowd-application plugin module is one of the SSO management plugin. A security...