13 matches found
CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
[SECURITY] Fedora 42 Update: rsync-3.4.1-5.fc42
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
opensourcepos security vulnerability
opensourcepos is an open-source POS system developed by opensourcepos. Version 3.4.1 of opensourcepos contains a security vulnerability. This vulnerability stems from the Sales.php::getInvoice function, which involves local file inclusion, potentially allowing for the reading of arbitrary files o...
CVE-2025-63027
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcreations907 WBC907 Core wbc907-core allows Stored XSS. This issue affects WBC907 Core: from n/a through <= 3.4.1...
CVE-2025-67598 WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery. This issue affects SupportCandy: from n/a through <= 3.4.1...
EUVD-2025-30636
Malicious code in bioql PyPI...
CVE-2023-41939
Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage, to access functionality they're no longer entitled to...
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version...
CVE-2024-13480 LTL Freight Quotes – For Customers of FedEx Freight <= 3.4.1 - Unauthenticated SQL Injection
The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
novel security vulnerability
novel is an open-source novel system from xxyopen. A security vulnerability exists in novel version 3.4.1 and earlier versions, which stems from improper handling of the sort parameter and can lead to SQL injection...
PT-2024-28007 · Nato · Nato Nci Anet
Name of the Vulnerable Software and Affected Versions: NATO NCI ANET version 3.4.1 Description: The issue allows for Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user. Recommendations: For NATO NCI ANET version 3.4.1...
PYSEC-2020-267
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...
Jirafeau Cross-Site Scripting Vulnerability (CNVD-2018-12870)
Jirafeau is a file sharing website system. A cross-site scripting vulnerability exists in the 'search file by link' form in Jirafeau versions prior to 3.4.1. A remote attacker can use this vulnerability to steal sessions and gain administrative privileges...