
18 matches found

Positive Technologies
added 2026/01/28 12:0 a.m. · 2 views

PT-2026-5199

Name of the Vulnerable Software and Affected Versions: Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9; Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5; Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2; Drupal CKEditor 5 Premium Features versions 1.5.0...

5.3 CVSS · 5.4 AI score · 0.00061 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 3:17 a.m. · 4 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

8.8 CVSS · 8.5 AI score · 0.00162 EPSS
Exploits 2 · References 1

OSV
added 2024/10/16 8:15 a.m. · 0 views

CVE-2024-9061

The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 2

CNNVD
added 2023/07/05 12:0 a.m. · 2 views

1Panel command injection vulnerability

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1.3.6 of 1Panel. The vulnerability stems from the fact that an authenticated attacker can craft a malicious payload to enable command...

8.8 CVSS · 7.9 AI score · 0.02514 EPSS
Exploits 1 · References 4

OSV
added 2023/01/23 3:15 p.m. · 1 views

CVE-2022-4650

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS · 5.8 AI score · 0.00252 EPSS
Exploits 2 · References 1

ATTACKERKB
added 2022/06/20 11:15 a.m. · 2 views

CVE-2022-1472

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection...

7.2 CVSS · 7.4 AI score · 0.00567 EPSS
Exploits 2 · References 2

CNNVD
added 2021/11/01 12:0 a.m. · 2 views

Apache DolphinScheduler SQL injection vulnerability

Apache DolphinScheduler is a distributed, decentralized, and easily scalable visual DAG workflow task scheduling platform developed by the Apache Foundation. Dedicated to solving the intricate dependencies in the data processing process and making the scheduling system work out-of-the-box in the...

8.8 CVSS · 5.9 AI score · 0.0116 EPSS
Exploits 0 · References 5

CNNVD
added 2021/10/11 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...

4.8 CVSS · 5.1 AI score · 0.00206 EPSS
Exploits 2 · References 2

Positive Technologies
added 2021/06/07 12:0 a.m. · 2 views

PT-2021-21062 · Mbsync +2 · Mbsync +2

Name of the Vulnerable Software and Affected Versions: mbsync versions prior to 1.3.6 mbsync versions prior to 1.4.2 Description: A flaw was found in mbsync where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocate...

9.8 CVSS · 7.7 AI score · 0.10258 EPSS
Exploits 1 · References 38

OSV
added 2020/12/11 11:15 a.m. · 3 views

AZL-45153 CVE-2020-7788 affecting package nodejs-nodemon 2.0.3-5

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.4 AI score · 0.00291 EPSS
Exploits 1 · References 1

OSV
added 2020/12/11 11:15 a.m. · 0 views

UBUNTU-CVE-2020-7788

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 6.7 AI score · 0.00291 EPSS
Exploits 1 · References 5

Cvelist
added 2020/12/11 10:45 a.m. · 25 views

CVE-2020-7788 Prototype Pollution

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

7.3 CVSS · 9.4 AI score · 0.00291 EPSS
Exploits 1 · References 3

CNVD
added 2019/11/28 12:0 a.m. · 11 views

ProFTPD 'tls_verify_crl' function authorization issue vulnerability

ProFTPD is a secure cloud printing solution from the ProFTPD team. The solution supports printing from laptops, desktops and mobile devices connected to printers. An authorization issue vulnerability exists in the 'tls_verify_crl' function in ProFTPD versions prior to 1.3.6. The vulnerability stems...

7.5 CVSS · 7 AI score · 0.0066 EPSS
Exploits 0 · References 1

Prion
added 2019/11/26 4:15 a.m. · 46 views

Code injection

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

5 CVSS · 7.5 AI score · 0.0066 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2016/03/13 6:59 p.m. · 1 views

DEBIAN-CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font...

8.8 CVSS · 8.8 AI score · 0.00565 EPSS
Exploits 0 · References 1

OSV
added 2016/03/13 6:59 p.m. · 1 views

DEBIAN-CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...

8.8 CVSS · 9 AI score · 0.00565 EPSS
Exploits 0 · References 1

Positive Technologies
added 2016/02/14 12:0 a.m. · 2 views

PT-2016-1448 · Mozilla +3 · Firefox Esr +5

Name of the Vulnerable Software and Affected Versions: Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.6.1 Description: The issue is related to the setAttr function in Graphite 2, which can be exploited by remote attackers using a...

10 CVSS · 6.6 AI score · 0.86455 EPSS
Exploits 20 · References 319

Debian CVE
added 2009/02/10 1:0 a.m. · 14 views

CVE-2009-0490

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string...

9.3 CVSS · 7.7 AI score · 0.5806 EPSS
Exploits 0