15 matches found
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPVulnerability versions = 4.2.1...
CVE-2025-67993 WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.2.1...
CVE-2025-34282 ThingsBoard < v4.2.1 SVG Image SSRF
ThingsBoard versions 4.2.1 contain a server-side request forgery SSRF vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...
CVE-2021-41947
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode...
CVE-2020-18325
Multilple Cross Site Scripting XSS vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel...
CVE-2020-28849
Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...
CVE-2025-31601
Cross-Site Request Forgery CSRF vulnerability in appointy Appointy Appointment Scheduler appointy-appointment-scheduler allows Cross Site Request Forgery.This issue affects Appointy Appointment Scheduler: from n/a through = 4.2.1...
WordPress plugin miniorange otp verification 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Smash Balloon Social Post Feed versions = 4.2.1...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the AuthenticationService. A cached token persists after the lifetime of the request due to an improper implementation of relations between ITokens and IUsers. An attacker can cau...
Subrion CMS跨站脚本漏洞
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be triggered by an attacker via a heade...
Unspecified Vulnerability in Oracle Hospitality Guest Access (CNVD-2017-31510)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. The solution provides human resources cost management, provide customers with the entire journey of service tracking management to improve custome...
Unspecified Vulnerability in Oracle Hospitality e7
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. hospitality e7 is a single point component of this. A security vulnerability exists in the Other subcomponent of the Hospitality e7 component of...
CVE-2016-1194
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service...