
8674 matches found

EUVD
added 2026/04/22 9:31 a.m., 3 views

EUVD-2026-24682

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVSS 4.3, AI score 5.6, EPSS 0.00156
Exploits 0, References 6
NVD
added 2026/04/22 9:16 a.m., 5 views

CVE-2026-4140

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVSS 4.3, EPSS 0.00156
Exploits 0, References 5
Cvelist
added 2026/04/22 7:45 a.m., 28 views

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVSS 4.3, EPSS 0.00156
Exploits 0, References 5
Vulnrichment
added 2026/04/22 7:45 a.m., 2 views

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVSS 4.3, AI score 5.6, EPSS 0.00156
Exploits 0, References 5
ATTACKERKB
added 2026/04/22 7:45 a.m., 5 views

CVE-2026-4140

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVSS 4.3, AI score 5.6, EPSS 0.00156
Exploits 0, References 6
SUSE CVE
added 2026/04/22 1:37 a.m., 7 views

SUSE CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without validation. A user with write...

CVSS 6.3, AI score 5.7, EPSS 0.00212
Exploits 1, References 3
SUSE CVE
added 2026/04/22 1:37 a.m., 4 views

SUSE CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

CVSS 6.5, AI score 5.9, EPSS 0.00306
Exploits 0, References 3
CNNVD
added 2026/04/22 12:0 a.m., 7 views

WordPress plugin Ni WooCommerce Order Export Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 4.3, AI score 5.7, EPSS 0.00156
Exploits 0, References 1
Positive Technologies
added 2026/04/22 12:0 a.m., 5 views

PT-2026-34297

Name of the Vulnerable Software and Affected Versions: Ni WooCommerce Order Export versions prior to 3.1.7. Description: An issue exists where missing nonce validation in the ni_order_export_action AJAX handler function allows unauthenticated attackers to modify plugin settings via a forged request...

CVSS 4.3, AI score 5.7, EPSS 0.00156
Exploits 0, References 9
Positive Technologies
added 2026/04/22 12:0 a.m., 4 views

PT-2026-35066

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.5. Description: An authenticated attacker can perform directory traversal to read arbitrary workspace files, including the full SQLite database siyuan.db, kernel logs, and all user documents. This occurs because the...

CVSS 7.1, AI score 6, EPSS 0.00313
Exploits 0, References 9
Patchstack
added 2026/04/21 7:5 p.m., 8 views

WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Ni WooCommerce Order Export versions <= 3.1.6...

CVSS 4.3, AI score 5.8, EPSS 0.00156
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/04/21 3:18 p.m., 5 views

EUVD-2026-23992

Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...

CVSS 6.3, AI score 5.8, EPSS 0.00212
Exploits 1, References 4
Snyk
added 2026/04/21 3:18 p.m., 6 views

SQL Injection

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...

CVSS 8.3, AI score 5.8, EPSS 0.00212
Exploits 1, References 2
OSV
added 2026/04/21 3:18 p.m., 4 views

GHSA-GRP3-H8M8-45P7 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Summary: The Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...

CVSS 6.3, AI score 5.8, EPSS 0.00212
Exploits 1, References 5
GithubExploit
added 2026/04/21 12:15 p.m., 78 views

BuildReview2

BuildReview2 - Attack-Path-Driven Windows Host Review A rewri...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/04/21 10:11 a.m., 5 views

CVE-2026-35588

A flaw was found in Glances, an open-source system monitoring tool. A user with write access to the glances.conf configuration file can exploit a CQL (Cassandra Query Language) injection vulnerability in the Cassandra export module. This allows an attacker to manipulate configuration values,...

CVSS 6.3, AI score 5.7, EPSS 0.00212
Exploits 1, References 2
ATTACKERKB
added 2026/04/21 12:17 a.m., 3 views

CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

CVSS 6.5, AI score 5.9, EPSS 0.00306
Exploits 0, References 3, Affected Software 1
NVD
added 2026/04/21 12:16 a.m., 4 views

CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without validation. A user with write...

CVSS 6.3, EPSS 0.00212
Exploits 1, References 3
OSV
added 2026/04/21 12:16 a.m., 3 views

DEBIAN-CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without validation. A user with write...

CVSS 6.3, AI score 5.3, EPSS 0.00212
Exploits 1, References 1
Positive Technologies
added 2026/04/21 12:0 a.m., 5 views

PT-2026-33879

Name of the Vulnerable Software and Affected Versions: nbconvert versions 6.5 through 7.17.0. Description: The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. When the HTMLExporter.embed_images variable is set to True, the markdown renderer allows arbitrary file...

CVSS 6.5, AI score 5.8, EPSS 0.00306
Exploits 1, References 13