EUVD-2026-39744
Administrator SQL Injection in WP All Import = 4.0.1 versions...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-44217
sse-channel is an SSE implementation which can be used with any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...
GHSA-7C47-XR7Q-P6HG free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...
CVE-2026-1064
Summary of CVE-2026-1064 (bastillion-io Bastillion) Affects Bastillion up to version 4.0.1 in the System Management Module, specifically the SystemKtrl.java component. The vulnerability arises from a manipulation of the file path src/main/java/io/bastillion/manage/control/SystemKtrl.java, leading...
Selea CarPlateServer Access Control Error Vulnerability
Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the NudmSubscriberDataManagement API...
CVE-2025-55341
Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexosnuevo.php asocImgRad...
CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single...
Jenkins plugin Cadence vManager Security Vulnerability
Jenkins and Jenkins plugins are both Jenkins open source products. Jenkins is an application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
corydolphin/flask-cors version 5.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
Apache Hive Incorrectly Assigns Permissions for a Critical Resource
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to...
IBM Aspera Orchestrator Security Vulnerability
IBM Aspera Orchestrator is a Web-based application from International Business Machines IBM, Inc. It can provide data-driven organizations with an efficient document processing pipeline. An HTTP header injection vulnerability exists in IBM Aspera Orchestrator version 4.0.1, which can be exploited...
PT-2023-21919 · Apache · Apache Airflow Spark Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow Spark Provider versions prior to 4.0.1 Description: The issue is related to improper input validation in the Apache Airflow Spark Provider. This allows the host and schema of JDBC Hook to contain / and ?, which can be used to...
CVE-2022-36356
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin = 4.0.1 at WordPress...
D-Link DSL-2640B B2 Trust Management Issue Vulnerability
The D-Link DSL-2640B B2 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2640B B2 EU4.01B version, which comes with hard-coded accounts in the router. The vulnerability can be exploited by an attacker to log in to the management interface,...
PT-2019-13238 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue is a heap-based buffer over-read in the JBIG2Stream::readTextRegionSeg function, which can be triggered by sending a crafted PDF document to the pdftoppm tool. This might allow an attacker to cause...
phaos-disclose.txt
Remote File Disclosure Vulnerability in showSource.php phaos4.0.1 MY HOmE : WWW.PAL-HACkEr.COM WWW.ATSDP.COM AUTHOR : HaCkeREgY My HoMe : www.PaL-HaCker.com & www.ATSDP.com ConTacT : [email protected] ----------------------------------------------- script: phaos4.0.1...