18 matches found
EUVD-2026-28250
When enabling trace logging in Spring Cloud Config Server, sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 throu...
UBUNTU-CVE-2026-7734
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...
CVE-2026-39671
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce (woo-conditional-product-fees-for-checkout) allows Cross Site Request Forgery. This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3...
N2W security vulnerability
N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.3.2 and 4.4.1 contained security vulnerabilities. These vulnerabilities were caused by improper validation of API request parameters, which could lead to remote code execution...
ILIAS code-related vulnerabilities
ILIAS is an open-source learning management system developed by ILIAS. Version 4.3 of ILIAS has code-related vulnerabilities; these vulnerabilities stem from server-side request forgery in the portfolio PDF export function, which may lead to the reading of local files...
TIS security vulnerabilities
TIS is an agile code development platform open-sourced by Datavane. Versions of TIS prior to v4.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the program file XmlFile.Java, which allowed unrestricted upload of dangerous file types and deserialization of untrusted data...
CVE-2026-24606
CVE-2026-24606 is a Missing Authorization (Broken Access Control) vulnerability in Bayarcash WooCommerce (bayarcash-wc) up to and including version 4.3.11 (and patched up to 4.3.12 per Patchstack). Exploitation relies on incorrectly configured access control security levels. Affected product: Bay...
Linux Distros Unpatched Vulnerability : CVE-2020-7921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to...
CVE-2021-37209
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8),...
CVE-2021-38157
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-13490 LTL Freight Quotes – XPO Edition <= 4.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Lingdang CRM path traversal vulnerability
Lingdang CRM is a customer relationship management system from the Chinese company Lingdang. A path traversal vulnerability exists in Lingdang CRM version 8.6.4.3 and earlier versions, which stems from the parameter url in the file /crm/data/pdf.php that can lead to path...
CVE-2024-2541
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...
Axiros AXESS ACS Security Breach
Axiros AXESS ACS is an industry flagship software application from Axiros, Inc., designed to address automated service provisioning, service monitoring and service assurance. A security vulnerability exists in Axiros AXESS ACS versions 4.x prior to 4.3.2 and 5.0.0 that stems from an authorization...
CVE-2022-46856
Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions...
SUSE CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
SUSE CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository...
UBUNTU-CVE-2019-13451
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c...