Abacus security vulnerability
Abacus is a highly extensible, stateless counting API by the individual developer Jason Cameron. A security vulnerability exists in Abacus versions prior to 1.4.0 that stems from a goroutine leak in the Server-Sent Events implementation...
WordPress Themes Coder plugin < 1.4.0 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Project Black in the WordPress plugin Themes Coder versions 1.4.0...
WordPress plugin Fancy Roller Scroller cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for the platform. A cross-site request forgery vulnerability...
Mealie security vulnerability
Mealie is a self-hosted recipe manager and meal planner by Hayden, an individual developer in the USA. A security vulnerability exists in Mealie versions prior to 1.4.0, which stems from a lack of rate limiting on the endpoint; this also allows an attacker to generate persistent requests to any target of...
PT-2024-24344 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0 Description: Mealie, a self-hosted recipe manager and meal planner, has an issue where an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole,...
Mealie security vulnerability
Mealie is a self-hosted recipe manager and meal planner by Hayden, an individual developer in the USA. A security vulnerability exists in Mealie versions prior to 1.4.0, which stems from the scrapeimage function retrieving an image from a user-supplied URL while the supplied URL is not...
Mealie security vulnerability
Mealie is a self-hosted recipe manager and meal planner by Hayden, an individual developer in the USA. A security vulnerability exists in Mealie versions prior to 1.4.0 that stems from the safescrapehtml function using a user-controlled URL to make requests to a remote server that are not...
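The three Mealie entries above describe two defects of the same fetch-on-behalf-of-the-user pattern: the target URL is not validated (SSRF) and the response is read without a size bound. The following is an added example of the checks a hardened fetcher applies before and during the download; it is not Mealie's code, and the size limit, the function names and the sample URLs are assumptions made for illustration. The resolver is injectable so the example runs offline.

```python
import io
import ipaddress
import socket
from urllib.parse import urlsplit

MAX_IMAGE_BYTES = 5 * 1024 * 1024   # assumed policy limit, not a Mealie setting
CHUNK = 64 * 1024


class UnsafeURL(ValueError):
    """The URL must not be fetched on the user's behalf."""


class ResponseTooLarge(ValueError):
    """The remote body exceeded the size budget."""


def resolve_all(hostname):
    """Every address the name resolves to; the fetch must be safe for all of them."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(hostname, None)}


def validate_fetch_url(url, resolve=resolve_all):
    """Reject schemes other than http(s), embedded credentials, and any host that
    resolves to a non-public address (loopback, RFC 1918, link-local such as
    169.254.169.254, etc.). Returns the split URL when it is acceptable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("no host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL")
    addrs = resolve(parts.hostname)
    if not addrs:
        raise UnsafeURL("host does not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:
            raise UnsafeURL(f"{parts.hostname} resolves to non-public {ip}")
    return parts


def read_bounded(stream, max_bytes=MAX_IMAGE_BYTES):
    """Read a body in chunks and abort once it exceeds max_bytes. Content-Length is
    attacker-controlled (or absent), so the bound is enforced on bytes actually read."""
    buf = bytearray()
    while True:
        piece = stream.read(CHUNK)
        if not piece:
            return bytes(buf)
        buf += piece
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"body exceeds {max_bytes} bytes")


def url_rejection(url, resolve=resolve_all):
    """Helper for callers/tests: the rejection reason, or None if the URL is allowed."""
    try:
        validate_fetch_url(url, resolve)
        return None
    except UnsafeURL as exc:
        return str(exc)


def size_rejected(data, max_bytes):
    """Helper for callers/tests: True if a body of these bytes would be refused."""
    try:
        read_bounded(io.BytesIO(data), max_bytes)
        return False
    except ResponseTooLarge:
        return True


if __name__ == "__main__":
    # Constructed resolver answers; no DNS or network is used.
    fake_dns = {"img.example": {"93.184.216.34"},
                "metadata.example": {"169.254.169.254"}}
    resolve = lambda host: fake_dns.get(host, set())
    for url in ("https://img.example/a.png", "http://metadata.example/latest/",
                "file:///etc/passwd", "http://user:pw@img.example/"):
        print(url, "->", url_rejection(url, resolve) or "allowed")
    print("10 MiB body rejected:", size_rejected(b"x" * (10 * 1024 * 1024), MAX_IMAGE_BYTES))
```

Two caveats a real deployment has to cover: the address checked here must be the one actually connected to (pin the validated IP or re-check inside the connection hook, otherwise DNS rebinding defeats the check), and every redirect hop must go through the same validation.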
PT-2024-4402 · Apple +2 · Apple Macos +7
Name of the Vulnerable Software and Affected Versions: dav1d versions prior to 1.4.0; libdav1d-sys versions prior to 0.7.0; CoreMedia and WebRTC in Apple devices, affected versions not specified. Description: The issue is related to an integer overflow in the dav1d AV1 decoder that can occur when...
PT-2023-30383 · WordPress · Wp All Export Pro +1
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0; WP All Export Pro WordPress plugin versions prior to 1.8.6. Description: The issue concerns the lack of validation and sanitization of the wp query parameter, allowi...
Free Lossless Audio Codec security vulnerability
Free Lossless Audio Codec (FLAC) is open source software from the Xiph.Org Foundation. It reduces the storage space needed for digital audio signals. A security vulnerability exists in Free Lossless Audio Codec versions prior to 1.4.0, which stems from a buffer...
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
Missing HTTP headers X-Frame-Options and Content-Security-Policy in KNIME Business Hub before 1.4.0 leave users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
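The CVE-2023-3140 entry above names the two response headers whose absence leaves a page frameable. The check below is an added example of how to assess a response's framing protection from its headers, taking into account that CSP frame-ancestors overrides X-Frame-Options where both are present and that ALLOW-FROM is no longer honoured by current browsers. It is not KNIME's code; the header dictionaries in the demo are constructed.

```python
def parse_csp(value):
    """Parse one Content-Security-Policy value into {directive: [sources]}.
    When a directive is repeated, the first occurrence wins, as browsers do."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def assess_framing(headers):
    """Return {'protected': bool, 'findings': [str]} for a response's headers.
    Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    ancestors = parse_csp(h.get("content-security-policy", "")).get("frame-ancestors")
    xfo = h.get("x-frame-options", "").strip().upper()

    if ancestors is not None:
        # Browsers that understand frame-ancestors ignore X-Frame-Options entirely,
        # so the CSP directive decides; a wildcard or bare scheme allows any site.
        broad = {"*", "http:", "https:"}
        if any(src in broad for src in ancestors):
            protected = False
            findings.append(f"frame-ancestors is too broad: {' '.join(ancestors)}")
        else:
            protected = True
        if not xfo:
            findings.append("no X-Frame-Options fallback for browsers without CSP support")
        elif xfo not in ("DENY", "SAMEORIGIN"):
            findings.append(f"X-Frame-Options value not recognised: {xfo}")
    elif xfo in ("DENY", "SAMEORIGIN"):
        protected = True
        findings.append("X-Frame-Options only; add CSP frame-ancestors to express the policy fully")
    elif xfo.startswith("ALLOW-FROM"):
        protected = False
        findings.append("X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers")
    else:
        protected = False
        findings.append("neither X-Frame-Options nor CSP frame-ancestors is present")
    return {"protected": protected, "findings": findings}


if __name__ == "__main__":
    # Constructed header sets, not captured responses.
    samples = {
        "missing both": {"Content-Type": "text/html"},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "csp wildcard": {"Content-Security-Policy": "frame-ancestors *"},
        "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    }
    for name, hdrs in samples.items():
        print(f"{name:14} -> {assess_framing(hdrs)}")
```

A response may carry several Content-Security-Policy headers, each of which must be satisfied independently; when checking a real response, run the assessment over each header value rather than over a joined string.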
KNIME Business Hub security vulnerability
KNIME Business Hub is KNIME's enterprise software for data science automation, model deployment, team collaboration and workflow management. A security vulnerability exists in KNIME Business Hub versions prior to 1.4.0. An attacker exploiting this vulnerability could access internal informati...
SUSE CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header-fold the two Content-Length headers into a single comma-separated value and, being unable to cast that value to an integer, would set the Content-Length to 0 internally. If two...
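The mechanism in the Waitress entry is a framing disagreement: a folded Content-Length such as "23, 23" is not an integer, the lenient parser falls back to 0, and the request body is left on the connection where it is read as the start of the next request. The following is an added example that reproduces that failure mode next to a strict parser which refuses repeated or malformed Content-Length values; it is illustrative code, not Waitress's implementation, and the sample request is constructed.

```python
import re


class BadRequest(Exception):
    """Raised by the strict parser when the framing of a request is ambiguous."""


def header_lines(raw_head):
    """Split a raw HTTP head (bytes before the blank line) into (request line, header lines)."""
    lines = raw_head.decode("latin-1").split("\r\n")
    return lines[0], [line for line in lines[1:] if line]


def fold_headers(lines):
    """Header folding: repeated field names are joined into one comma-separated value."""
    folded = {}
    for line in lines:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        folded[name] = value if name not in folded else folded[name] + ", " + value
    return folded


def lenient_content_length(lines):
    """Models the failure mode: a folded value that is not an int is treated as 0."""
    value = fold_headers(lines).get("content-length")
    if value is None:
        return 0
    try:
        return int(value)
    except ValueError:
        return 0  # "23, 23" is not an int, so the body is silently left unread


def strict_content_length(lines):
    """Hardened: at most one Content-Length, and it must be plain ASCII digits.
    (int() alone is too lenient: it accepts " 23", "+23" and "2_3".)"""
    values = [line.partition(":")[2].strip()
              for line in lines
              if line.partition(":")[0].strip().lower() == "content-length"]
    if not values:
        return 0
    if len(values) > 1:
        raise BadRequest("repeated Content-Length header")
    if not re.fullmatch(r"[0-9]{1,19}", values[0]):
        raise BadRequest("malformed Content-Length")
    return int(values[0])


def consume_request(buffer, content_length_of):
    """Take one request off a connection buffer using the given Content-Length rule.
    Returns (request line, body, leftover bytes still on the connection)."""
    head, sep, rest = buffer.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete head")
    request_line, lines = header_lines(head)
    length = content_length_of(lines)
    if len(rest) < length:
        raise BadRequest("incomplete body")
    return request_line, rest[:length], rest[length:]


def is_rejected(lines):
    """Helper for callers/tests: does the strict parser refuse these headers?"""
    try:
        strict_content_length(lines)
        return False
    except BadRequest:
        return True


# Constructed example traffic (not a real capture): one POST whose 23-byte body is
# shaped like a second request, sent with Content-Length repeated.
SMUGGLED = b"GET /admin HTTP/1.1\r\n\r\n"
REQUEST = (b"POST /submit HTTP/1.1\r\nHost: app.example\r\n"
           b"Content-Length: 23\r\nContent-Length: 23\r\n\r\n" + SMUGGLED)

if __name__ == "__main__":
    line, body, leftover = consume_request(REQUEST, lenient_content_length)
    print("lenient:", line, "| body:", body, "| leftover:", leftover)
    try:
        consume_request(REQUEST, strict_content_length)
    except BadRequest as exc:
        print("strict: rejected,", exc)
```

Rejecting every repeated Content-Length is the stricter of the two behaviours RFC 7230 permits (the other is to accept duplicates only when all values are identical); a front-end proxy that forwards the duplicate headers unchanged is what turns the back-end's lenient fallback into smuggling.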
FrameworkUserBundle security vulnerability
FrameworkUserBundle is an open source framework bundle from Sumo Coders, used to manage dynamic shared libraries and their related resources. A security vulnerability exists in FrameworkUserBundle versions prior to 1.4.0, which stems from unknown functionality in the file...
OrchardCore cross-site scripting vulnerability
OrchardCore is an open source modular and multi-tenant application framework built on ASP.NET Core, and a content management system (CMS) built on top of that framework. OrchardCore versions from 0.0.1 up to, but not including, 1.4.0 are vulnerable to cross-site scripting, which stems from...
PrivateBin cross-site scripting vulnerability
PrivateBin is a minimalist open source online pastebin. PrivateBin versions prior to 1.4.0 have a cross-site scripting vulnerability that stems from SVG images being able to contain JavaScript. Attackers can use this vulnerability to execute code...
SSH operating system command injection vulnerability
SSH is an application-layer protocol that provides encrypted transport of network traffic. An operating system command injection vulnerability exists in ssh 2 prior to version 1.4.0 that could lead to remote code execution...
resolve-path path traversal vulnerability
resolve-path is a module for resolving and validating relative paths against a root path. A path traversal vulnerability exists in resolve-path versions prior to 1.4.0, which stems from the program failing to detect paths containing special strings. An attacker can exploit this vulnerability to read...
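The resolve-path entry above is the generic "join a client path onto a root" problem. The following is an added example of the checks such a resolver needs: it is written in Python rather than in the module's own JavaScript, is not resolve-path's code, and the root directory and sample paths are constructed. It refuses absolute paths, NUL bytes, backslashes and parent segments up front, then confirms after normalisation that the result still lies under the root.

```python
import posixpath


class PathRejected(ValueError):
    """The client-supplied path may not be served."""


def resolve_under_root(root, relative):
    """Join a client-supplied relative path onto root; raise if it would escape.
    Pure path arithmetic (posixpath), so the result is the same on every OS."""
    if "\x00" in relative:
        raise PathRejected("NUL byte in path")
    if "\\" in relative:
        # On Windows hosts "\" is a separator; treating it as an ordinary
        # character would let "..\\" slip past the checks below.
        raise PathRejected("backslash in path")
    if relative.startswith("/"):
        raise PathRejected("absolute path")
    # Reject ".." as a whole segment before normalising: normpath("a/../../b")
    # quietly becomes "../b". The commonpath check below would still catch the
    # escape, but refusing parent segments up front keeps the policy obvious.
    if any(segment == ".." for segment in relative.split("/")):
        raise PathRejected("parent directory segment")

    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, relative))
    if posixpath.commonpath([root_norm, candidate]) != root_norm:
        raise PathRejected("path escapes root")
    return candidate


def is_rejected(root, relative):
    """Helper for callers/tests: True if the path would be refused."""
    try:
        resolve_under_root(root, relative)
        return False
    except PathRejected:
        return True


if __name__ == "__main__":
    ROOT = "/srv/files"   # constructed root, not a real deployment path
    for rel in ("images/a.png", "./images/logo.svg", "../etc/passwd",
                "images/../../etc/passwd", "/etc/passwd", "a\x00.png", "..\\..\\etc"):
        try:
            print(f"{rel!r:30} -> {resolve_under_root(ROOT, rel)}")
        except PathRejected as exc:
            print(f"{rel!r:30} -> rejected: {exc}")
```

Percent-decoding must happen exactly once, before this function sees the path (a "%2e%2e" left encoded here and decoded later by the file layer would bypass the segment check), and when the root contains symlinks the final check should be repeated on os.path.realpath of the candidate.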
Synology MailPlus Server Disclaimer Cross-Site Scripting Vulnerability
Synology MailPlus Server is an email service suite from Synology that supports managing user accounts, email records and more. Disclaimer is one of its modules. A cross-site scripting vulnerability exists in the Disclaimer module of Synology MailPlus Server versions prior to 1.4.0-0415. A...