9 matches found
OpenMcdf Security Vulnerability
OpenMcdf is an open-source .NET library for manipulating compound file binary formats. Versions of OpenMcdf prior to 3.1.3 contained security vulnerabilities, which stemmed from undetected loops in the red-black tree used to manage directory entries, potentially leading to infinite loops...
CVE-2026-3830
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2021-47693
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that the embedding functionality is susceptible to server-side request forgery...
Authorization
In Apache Hive before 3.1.3, "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...
Rapid7 Insight Agent Security Vulnerability
Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. that collects data from IT assets. The software is capable of collecting data from IT assets. An arbitrary file reading vulnerability exists in Rapid7 Insight Agent versions prior to 3.1.3, which stems from the software's lack of...
WordPress Rencontre Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Rencontre plugin is a social networking site creation plugin used in it. A SQL injection vulnerability exists in WordPress Rencontre...
Wampserver Cross-Site Request Forgery Vulnerability
WampServer is an integrated installation of Apache, MySQL and PHP for the Windows platform. A cross-site request forgery vulnerability exists in the addvhost.php file in Wampserver versions prior to 3.1.3. A remote attacker can exploit this vulnerability to perform unauthorized operations...
PT-2017-8929 · Inverse · Sogo
Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 3.1.3. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page of the Web Calendar. These vulnerabilities allow remote attackers to inject arbitrary web script or HTM...