14 matches found
CVE-2026-41434
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...
CVE-2026-44371
Open OnDemand (HPC portal) is affected prior to versions 4.0.11, 4.1.5, and 4.2.2. The issue allows specially crafted filenames to execute JavaScript in the file browser. The vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2. Impact is web/application-level, with JavaScript execution in the file...
EUVD-2025-204785
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...
EUVD-2025-37024
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...
CVE-2022-24710
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source, a java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from the presence of arbitrary file uploads in the attach component and could lead to the execution of arbitrary code...
PT-2024-38966 · WordPress · Social Web Suite – Social Media Auto Post
Name of the Vulnerable Software and Affected Versions: The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress versions up to, and including, 4.1.11 Description: The issue concerns a Directory Traversal vulnerability, which allows unauthenticated attackers to...
CVE-2022-38147
Silverstripe silverstripe/framework through 4.11 allows XSS issue 3 of 3...
CVE-2021-41830
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
CVE-2020-9460
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable...
WordPress mailchimp-for-wp plugin cross-site scripting vulnerability (CNVD-2019-35215)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mailchimp-for-wp is a plugin used to send e-mail to subscribers. A cross-site scripting vulnerability exists in WordPress...
DEBIAN-CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directorie...
UBUNTU-CVE-2016-6830
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases o...