Lucene search

20 matches found

Cvelist
added 2026/04/23 6:0 a.m. · 23 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfiltered_html capability to injec...

0.0001 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/17 12:0 a.m. · 2 views

PT-2024-40045 · Unknown · Random Compat

Name of the Vulnerable Software and Affected Versions: random_compat versions prior to 2.0

Description: The issue is related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes, which may result in...

7.2 AI score
Exploits 0 · References 4

Positive Technologies
added 2024/03/29 12:0 a.m. · 1 view

PT-2024-22616 · Unknown · Swift Prometheus

Name of the Vulnerable Software and Affected Versions: Swift Prometheus versions prior to 2.0.0-alpha.2

Description: The issue arises when un-sanitized string values are applied into metric names or labels, allowing an attacker to send a ?lang query parameter with newlines, or similar characters...

5.9 CVSS · 6.8 AI score · 0.00499 EPSS
Exploits 1 · References 8

OSV
added 2024/02/13 9:15 a.m. · 0 views

CVE-2024-23812

A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2023/11/06 12:0 a.m. · 1 view

Microweber Access Control Error Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. An Access Control Error vulnerability exists in Microweber versions prior to 2.0 that...

4.6 CVSS · 6.8 AI score · 0.0008 EPSS
Exploits 1 · References 2

CNNVD
added 2023/10/31 12:0 a.m. · 1 view

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 2.0, which...

6.4 CVSS · 6.1 AI score · 0.00074 EPSS
Exploits 1 · References 3

OSV
added 2023/10/10 11:15 a.m. · 1 view

CVE-2022-30527

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

7.8 CVSS · 5.9 AI score · 0.0008 EPSS
Exploits 0 · References 2

CNNVD
added 2023/09/05 12:0 a.m. · 2 views

Hotel Management System SQL Injection Vulnerability

Hotel Management System is a hotel management system based MIS project by Prem Chand Saini, an individual developer in India. A SQL injection vulnerability exists in Mava Software Hotel Management System prior to version 2.0, which stems from susceptibility to SQL injection attacks...

9.8 CVSS · 7.9 AI score · 0.00077 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 6:2 a.m. · 1 view

SUSE CVE-2009-3373

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors...

10 CVSS · 9.5 AI score · 0.11615 EPSS
Exploits 2 · References 7

OSV
added 2022/08/18 11:15 p.m. · 1 view

DEBIAN-CVE-2020-36599

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value...

9.8 CVSS · 8.6 AI score · 0.00617 EPSS
Exploits 0 · References 1

CNVD
added 2019/11/11 12:0 a.m. · 2 views

Broadcom Brocade SANnav Trust Management Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A trust management issue vulnerability exists in the ReportsTrustManager class in Broadcom Brocade SANnav versions prior to 2.0. The vulnerability stems from the lack of an effective trust management mechanism in th...

7.4 CVSS · 6.8 AI score · 0.00215 EPSS
Exploits 0 · References 1

OSV
added 2018/12/12 4:29 p.m. · 2 views

CVE-2018-13816

A vulnerability has been identified in TIM 1531 IRC All version V2.0. The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user...

10 CVSS · 5.7 AI score
Exploits 0 · References 2

CNVD
added 2018/08/22 12:0 a.m. · 3 views

LibreHealthIO LH-EHR Local File Disclosure Vulnerability

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. A local file disclosure vulnerability exists in the import of templates in versions prior to LibreHealthIO LH-EHR REL-2.0.0. An attacker can exploit this vulnerability to disclose sensitiv...

6.5 CVSS · 6.2 AI score · 0.00403 EPSS
Exploits 1 · References 1

CNVD
added 2017/07/10 12:0 a.m. · 2 views

Red Hat 3scale Authentication Bypass Vulnerability

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) is an API (Application Programming Interface) management platform from Red Hat. The platform includes API tools for access control, rate limiting, analytics, billing and payment. A security vulnerability exists in Red Hat 3scale AMP versions...

9.8 CVSS · 7.1 AI score · 0.00498 EPSS
Exploits 0 · References 1

Prion
added 2014/12/31 10:59 p.m. · 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php...

4.3 CVSS · 6 AI score · 0.00421 EPSS
Exploits 1 · References 7 · Affected Software 1

NVD
added 2014/04/23 3:55 p.m. · 20 views

CVE-2014-2894

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...

7.2 CVSS · 8.5 AI score · 0.0011 EPSS
Exploits 0 · References 12

Debian CVE
added 2014/04/23 2:0 p.m. · 40 views

CVE-2014-2894

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...

7.2 CVSS · 8.3 AI score · 0.0011 EPSS
Exploits 0

Positive Technologies
added 2012/03/08 12:0 a.m. · 3 views

PT-2012-1085 · Red Hat +2 · Systemtap +3

Name of the Vulnerable Software and Affected Versions: SystemTap versions 1.6, 1.7 and probably other versions; SystemTap versions prior to 2.0

Description: The issue allows local users to obtain sensitive information from kernel memory or cause a denial of service via vectors related to crafted...

5.4 CVSS · 5.7 AI score · 0.00064 EPSS
Exploits 0 · References 42

RedHat Linux
added 2009/10/27 10:43 p.m. · 2 views

Firefox crash in proxy auto-configuration regexp parsing

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file...

9.3 CVSS · 7.3 AI score · 0.02124 EPSS
Exploits 0 · References 4

RedHat Linux
added 2009/10/27 10:43 p.m. · 1 view

Firefox heap buffer overflow in GIF color map parser

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors...

10 CVSS · 7.5 AI score · 0.11615 EPSS
Exploits 2 · References 4