5 matches found
WordPress Groundhogg plugin <= 4.2.6.1 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Groundhogg versions = 4.2.6.1...
CVE-2025-10147 Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'moveasoriginalfile' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
MAL-2025-1510 Malicious code in @visma-spcs-registry/react-common-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b825ada9ae1a47ba7b535f78569c691ddf561ab61c2f4839ed0edb11d91403ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-14746
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS...
CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS...