9 matches found
PT-2026-25226
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through = 1.2.2...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
EUVD-2025-35409
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through = 1.2.2...
PT-2024-36790
Name of the Vulnerable Software and Affected Versions pyrage versions 1.2.0 through 1.2.2 Description The issue concerns the execution of arbitrary binaries due to malicious plugin names, recipients, or identities. This can occur when a plugin name containing a path separator is provided to the a...
PT-2024-12236 · Sparkle Themes · Sparkle Themes Blogger Buzz
Name of the Vulnerable Software and Affected Versions: Sparkle Themes Blogger Buzz versions 1.2.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Sparkle...
PT-2024-25481 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.6 Description: The issue allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate...
PT-2024-39836 · WordPress · Imagepress
Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...
PT-2024-27674 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.7 Description: The issue is related to the DELETE endpoint located at packages/backend/src/api/v1/datasets, which is vulnerable to unauthorized dataset deletion due to missing authorization and...
PT-2023-10255 · Dimtion · Shaarlier
Name of the Vulnerable Software and Affected Versions: dimtion Shaarlier versions up to 1.2.2 Description: A critical issue has been found, affecting the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java in the component Tag Handler. This issue leads to sql...