18 matches found
WordPress JetBooking plugin <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability
Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability discovered by hoshino in WordPress Plugin JetBooking versions <= 4.0.3...
Phraseanet vulnerable to stored cross-site scripting through crafted file names
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2026-22611
The CVE-2026-22611 issue affects the AWS SDK for .NET (versions 4.0.0 through 4.0.3.2) where the region input field could be set to an invalid value, causing AWS API calls to be routed to non-existent or non‑AWS hosts. A defense‑in‑depth enhancement was added in v4, validating that the region for...
CVE-2023-4158
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3...
Shell Script Compiler Security Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A security vulnerability exists in Shell Script Compiler version 4.0.3 and earlier, which stems from a stack buffer overflow in the file src/shc.c function make...
CVE-2024-40740
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/id/edit/...
CVE-2024-40731
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/id/edit/...
CVE-2024-40728
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/id/edit/...
CVE-2024-40742
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...
CVE-2024-40727
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/...
CVE-2023-29863
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files...
CVE-2025-30219
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify a virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in the browsers of...
PT-2025-2840 · Arprice · Arprice
Name of the Vulnerable Software and Affected Versions: NotFound ARPrice versions n/a through 4.0.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for the injection of SQL code, potentially...
DEBIAN-CVE-2021-27548
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode function in XFAScanner.cc in xpdf 4.03...
PT-2021-14356
Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3 Description: OneDev is an all-in-one devops platform. The REST UserResource endpoint performs a security check to ensure only administrators can list user details. However, the /users/id endpoint lacks security...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15866)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "user update" method in versions of Quest DR Series disk backup software prior to version 4.0.3.1. An attacker could exploit this vulnerability to execute arbitrary system commands...
ALPINE-CVE-2014-8127
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in...
OxygenOS Elevation of Privilege Vulnerability
The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology (OnePlus). OxygenOS is the operating system they come with. An elevation of privilege vulnerability exists in OxygenOS versions prior to 4.0.3. The vulnerability can be exploited by an attacker to execute arbitrary code and...