3 matches found
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. In versions 3.1.3 through 3.2.0, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command,...
CVE-2026-31988
yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...
WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion
Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...