27 matches found
CVE-2025-69662
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis function being used to write GeoDataFrames to a PostgreSQL database...
CVE-2025-65035 GLPI Database Inventory Plugin Vulnerable to Stored Object Injection
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...
Database inventory plugin code issue vulnerability
Database inventory plugin is an open source database management plugin for GLPI Project Plugins. A code issue vulnerability exists in versions of Database inventory plugin prior to 1.1.2, which stems from insecure storage of user-controlled data and could lead to the instantiation of arbitrary PH...
EUVD-2025-93386
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CISA Thorium security vulnerability
CISA Thorium is a highly scalable distributed malware analysis and data generation framework from the U.S. Cybersecurity and Infrastructure Security Administration CISA government division. A security vulnerability exists in CISA Thorium versions prior to 1.1.2 that stems from unvalidated TLS...
CVE-2023-31714
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities...
Bluegrams YoutubeDLSharp security vulnerability
Bluegrams YoutubeDLSharp is a simple .NET wrapper library for youtube-dl and yt-dlp from Bluegrams. A security vulnerability exists in Bluegrams YoutubeDLSharp version 1.0.0-beta4 through versions prior to 1.1.2, which stems from an insecure parameter transformation that could lead to command...
CVE-2024-13292
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS). This issue affects Tooltip: from 0.0.0 before 1.1.2...
BG.Studio Color Phone Call Screen App security vulnerability
BG.Studio Color Phone Call Screen App BG.Studio com.asianmobile.callcolor is a color phone call screen application from BG.Studio, Inc. A security vulnerability exists in BG.Studio Color Phone Call Screen App version 1.1.2 and earlier, which stems from a vulnerability that allows any application ...
Drupal Tooltip module < 1.1.2 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff in WordPress Module Tooltip versions 1.1.2...
WordPress plugin Olive One Click Demo Import information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabilit...
SUSE CVE-2004-0802
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817...
SUSE CVE-2009-3618
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...
CVE-2022-3419
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator...
October CMS security vulnerability
October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. October before version 1.1.2 suffers from a security vulnerability that stems from a host header attack that may succeed when running on a misconfigured server. No detailed vulnerabilit...
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user...
WordPress PageLayer plugin license issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...
CVE-2017-18573
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection...
Synology Drive Information Disclosure Vulnerability
Synology Drive is a collaborative office suite from Synology Taiwan, China. The product includes document management, collaborative office and file synchronization and backup features. An information disclosure vulnerability exists in SYNO.SynologyDrive.Files in Synology Drive versions prior to...