14 matches found
EUVD-2026-15651
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...
CVE-2026-25340
CVE-2026-25340 affects WordPress/NooTheme Jobmonster plugin/theme versions prior to 4.8.4. The issue is an SQL Injection (Blind) caused by improper neutralization of SQL commands, enabling an attacker to perform blind queries. Exposure is described as affecting Jobmonster from unspecified version...
CVE-2026-27605
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files project logos without validating the file type or content. It trusts the extension provided by the user...
CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:projectid/chart/:chartid/filter is missing both verifyToken and checkPermissions middleware, allowing...
WordPress ShopEngine plugin <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update vulnerability
Insufficient Authorization to Authenticated Editor+ Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ShopEngine versions = 4.8.3...
Moderate: Red Hat Security Advisory: RHACS 4.8.4 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
UBUNTU-CVE-2023-45195
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...
PT-2024-24052 · Unknown · Roamwifi R10
Name of the Vulnerable Software and Affected Versions: RoamWiFi R10 versions prior to 4.8.45 Description: The issue is related to active debug code, allowing a network-adjacent unauthenticated attacker with access to the device to perform unauthorized operations. Recommendations: For RoamWiFi R10...
PT-2023-2254 · Samba +6 · Samba +6
Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Samba versions prior to 4.9.7 Description: The issue is related to insufficient protection of service data, which may allow a remote attacker to disclo...
Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities
Atlassian Fisheye and Crucible are both products of Atlassian Australia.Atlassian Fisheye is a suite of source code deep viewing software.Crucible is a suite of code review tools. A security vulnerability exists in versions of Atlassian Fisheye and Crucible prior to 4.8.4 that allows remote...
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...
DEBIAN-CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...
UBUNTU-CVE-2018-10918
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable...