17 matches found
Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-105 (ALASECS-2026-105)
The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-105 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...
EUVD-2025-199001
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue...
PT-2024-26281 · Axepta · Axepta
Name of the Vulnerable Software and Affected Versions: Axepta versions prior to 1.3.4 Description: The issue allows a guest to download partial credit card information, such as expiry date, postal address, and email, without restriction due to a lack of permissions control. Recommendations: For...
PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4 Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...
Strapi Security Vulnerabilities
Strapi is an open source content management system (CMS). A security vulnerability exists in Strapi Protected Populate Plugin versions prior to 1.3.4. An attacker could exploit the vulnerability to populate certain fields...
Microweber Security Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images and more. A security vulnerability exists in Microweber versions prior to 1.3.4, which stems from...
SUSE CVE-2004-0642
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code...
PT-2023-16211 · WordPress · Location Weather
Name of the Vulnerable Software and Affected Versions: Location Weather WordPress plugin versions prior to 1.3.4 Description: The issue concerns the Location Weather WordPress plugin, which does not properly validate and escape certain block options before outputting them in a page or post. This...
PT-2021-16193 · WordPress · The Weather Effect
Name of the Vulnerable Software and Affected Versions: The Weather Effect WordPress plugin versions prior to 1.3.4 Description: The issue is related to the lack of CSRF checks and input validation when saving settings, which could lead to a Stored Cross-Site Scripting issue. This means that an...
Mumble Backlink Vulnerability
Mumble is a set of voice communication tools for use in games. The tool allows players to engage in real-time voice communication while playing the game. A security vulnerability exists in Mumble before 1.3.4 that allows remote code execution...
VulnCheck KEV: CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
DTEN D5 and DTEN D7 Information Disclosure Vulnerabilities (CNVD-2020-03052)
The DTEN D5 and DTEN D7 are both stylus pens from DTEN. A security vulnerability exists in DTEN D5 and D7 versions prior to 1.3.4. The vulnerability can be exploited by an attacker to gain access to information including the contents of Zoom meetings...
PT-2019-14678 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.3.4 Description: The issue is related to a use-after-free in the MmsServer_waitReady function located in the mms/iso_mms/server/mms_server.c file. This can be demonstrated using the server_example_goose...
CVE-2018-7785
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass...
CVE-2018-7776
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data...
CVE-2018-7773
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...