20 matches found
CVE-2026-7385
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
CVE-2026-22336
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection. This issue affects Directorist Booking: from n/a before 3.0.2...
PT-2026-35391
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection. This issue affects Directorist Booking: from n/a before 3.0.2...
WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...
CVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2...
jsPDF Security Vulnerability
jsPDF is Parallax's open source JavaScript-based PDF document generation library. A security vulnerability exists in versions prior to jsPDF 3.0.2, which stems from the addImage method not adequately validating input, which could lead to CPU resource exhaustion and denial of service attacks...
CVE-2024-13259
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2...
Snowflake snowflake-connector-python Command Injection Vulnerability
Snowflake snowflake-connector-python is Snowflake's connector for Python, which conforms to the Python DB API 2.0 specification. A command injection vulnerability exists in Snowflake snowflake-connector-python versions prior to 3.0.2. An attacker could exploit this vulnerability to caus...
npm markdown-link-extractor Security Vulnerability
npm markdown-link-extractor is used to extract links from Markdown text. npm markdown-link-extractor versions prior to 3.0.2 and 4.0.0 contain a denial of service vulnerability that stems from not properly handling incoming error messages, which could be exploited by an attacker to cause a denial...
CVE-2022-0768
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2...
Strapi Input Validation Error Vulnerability
Strapi is an open source headless content management system (CMS). A security vulnerability exists in versions of Strapi prior to 3.0.2, which arises from the program storing templates in global variables after failing to perform arbitrary cleanup operations. A remote attacker can exploit this...
Mattermost Server Authorization Issues Vulnerability (CNVD-2020-35462)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.0.2. An attacker could exploit the vulnerability to obtain information...
CVE-2020-10617
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS versions prior to 3.0.2 to gain access to sensitive information...
CVE-2020-10625
WebAccess/NMS versions prior to 3.0.2 allow an unauthenticated remote user to create a new admin account...
Advantech WebAccess/NMS Path Traversal Vulnerability
Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems (NMS). A path traversal vulnerability exists in Advantech WebAccess/NMS versions prior to 3.0.2, which can be exploited by an attacker with a specially crafted URL to delete files beyond the control of the...
Advantech WebAccess/NMS SQL Injection Vulnerability
Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems (NMS). A SQL injection vulnerability exists in Advantech WebAccess/NMS versions prior to 3.0.2. An attacker could exploit this vulnerability to gain access to sensitive information...
PYSEC-2018-106
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
CVE-2010-4722
Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors...
Mozilla incorrectly frees used memory (MFSA 2010-03)
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory...