9 matches found
CVE-2026-9189
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...
CVE-2026-40102 Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...
EUVD-2024-44533
Malicious code in bioql PyPI...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976
CVE-2024-4976 affects Xpdf; an out-of-bounds write occurs in AcroForm field reference due to a missing object type check in Xpdf 4.05 and earlier. Fedora advisories and Slackware/Nessus entries corroborate impact and note remediation by updating to 4.06. Practical impact is an out-of-bounds write...
CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...