424 matches found
BIT-SUPERSET-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
Linux Distros Unpatched Vulnerability : CVE-2022-1452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in rbinjavabootstrapmethodsattrnew function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past...
Linux Distros Unpatched Vulnerability : CVE-2019-20810
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go7007sndinit in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call sndcardfree for a failure path, which causes a memory leak,...
Linux Distros Unpatched Vulnerability : CVE-2022-0433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. Thi...
EMQX 代码问题漏洞
EMQX is an MQTT messaging server from EMQX Corporation. A code issue vulnerability exists in EMQX versions prior to 5.8.6 that stems from the Dashboard interface allowing the installation of arbitrary plugins, which could lead to a security risk...
CVE-2025-36728
Cross-Site Request Forgery CSRF vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11...
UBUNTU-CVE-2014-0468
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories SVN, Git, Bzr.... This issue affects fusionforge: before 5.3+20140506...
Weblate 安全漏洞
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12 that stems from an audit log notification containing full IP addresses, which could lead to information disclosure...
Weblate 安全漏洞
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...
CVE-2025-4687 Account pre-hijacking through invite misuse
In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account a...
MegaBIP SQL注入漏洞
MegaBIP is a software for creating BIP websites from MegaBIP Inc. A SQL injection vulnerability exists in versions prior to MegaBIP 5.20 that stems from uncleaned user input and could lead to a SQL injection attack...
StrangeBee TheHive 代码问题漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...
CVE-2021-24364
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-19016
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...
CVE-2025-39366
Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0...
CVE-2025-39350
CVE-2025-39350 : WordPress wProject theme prior to 5.8.0 suffers an unauthenticated post/comment/attachment modification/deletion vulnerability. Exploitation requires no authentication, enabling an attacker to modify or delete content on vulnerable sites running wProject
CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0...
lockfile linting 安全漏洞
lockfile linting is a tool by Liran Tal Personal Developer. A security vulnerability exists in lockfile linting versions prior to 5.9.2, which stems from package URL validation being out of order, and could lead to the installation of unintended npm packages...
Drupal Enterprise MFA - TFA for Drupal 安全漏洞
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...
CVE-2025-2421
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...