10 matches found
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
uib OPSI Security Vulnerability
uib OPSI is a client management system from the German company uib. A security vulnerability exists in uib OPSI versions prior to 4.3. It stems from improper privilege management and could lead to elevated privileges...
CVE-2024-6178
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before 4.3.1...
PT-2024-12282 · Unknown · Fluid Topics
Name of the Vulnerable Software and Affected Versions: Fluid Topics versions prior to 4.3. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, where an authenticated user can force the server to make arbitrary requests to internal and external resources...
CVE-2023-37886
Missing Authorization vulnerability in InspiryThemes RealHomes realhomes. This issue affects RealHomes: from n/a through 4.3.8...
PT-2020-8419
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.3.0; Mattermost Server version 4.2.1; Mattermost Server version 4.1.2. Description: The issue allows attackers to cause a denial of service, resulting in channel invisibility, via a misformatted post...
DEBIAN-CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the addusername argument in (1) web/useradm.c or (2) web/chpasswd.c...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2015-00591)
Oracle VM VirtualBox is open source virtual machine software. A security vulnerability in the VMSVGA device subcomponent of Oracle VM VirtualBox versions prior to 4.3.20 allows remote attackers to affect the availability and integrity of the system...
UBUNTU-CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
UBUNTU-CVE-2011-0157
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1...