12 matches found

Patchstack
added 2026/04/22 10:30 a.m. | 1 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...

AI score: 5.3
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2026/01/27 3:50 p.m. | 2 views

CVE-2026-24871

Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Manage. This issue affects Minecraft-Rcon-Manage: before 3.0...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00091
Exploits: 0 | References: 2

Broadcom
added 2026/01/27 12:0 a.m. | 14 views

SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 (CVE-2025-12774)

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database SQL queries in the SANnav supportsave file. An attacker with access to a Brocade SANnav supportsave file could open the file and then obtain sensitive information such as details of databa...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00009
Exploits: 0

Positive Technologies
added 2026/01/09 12:0 a.m. | 2 views

PT-2026-1953

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0. Description: The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

CVSS: 10 | AI score: 7.1 | EPSS: 0.00023
Exploits: 0 | References: 6

VulnCheck KEV
added 2025/12/01 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.04655
In wild | Exploits: 1 | References: 27

OSV
added 2024/10/25 8:15 p.m. | 0 views

UBUNTU-CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0112
Exploits: 0 | References: 5

OSV
added 2024/08/13 8:15 a.m. | 3 views

CVE-2024-41940

A vulnerability has been identified in SINEC NMS All versions V3.0. The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...

CVSS: 9.1 | AI score: 5.8
Exploits: 0 | References: 1

CNNVD
added 2023/11/28 12:0 a.m. | 1 views

Apache Superset Input Validation Error Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.0009
Exploits: 0 | References: 2

ATTACKERKB
added 2023/09/05 5:15 p.m. | 0 views

CVE-2023-3374

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00123
Exploits: 0 | References: 3

CNNVD
added 2023/06/03 12:0 a.m. | 1 views

TeamPass Cross-Site Scripting Vulnerability

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A cross-site scripting vulnerability exists in versions prior to TeamPass 3.0.9, which stems from vulnerability to stored cross-site scripting (XSS) attacks...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.00505
Exploits: 1 | References: 3

OSV
added 2022/05/24 5:21 p.m. | 1 views

GHSA-J26G-95PH-2MWV Mattermost Server: Insufficient Password-Reset Link Invalidation

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused...

CVSS: 9.3 | AI score: 7 | EPSS: 0.00408
Exploits: 0 | References: 3

OSV
added 2022/05/20 1:15 p.m. | 0 views

CVE-2022-29882

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary...

CVSS: 7.1 | AI score: 6.8
Exploits: 0 | References: 3