19 matches found
CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...
CVE-2026-32881 ewe has an Overly Permissive List of Allowed Inputs
ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...
CVE-2026-32873
CVE-2026-32873 affects the Gleam-based web server ewe (versions 0.8.0–3.0.4). The bug in handle_trailers causes an infinite loop when encountering rejected trailers by recursively re-parsing the same header (using rest) instead of advancing past it (Buffer(header_rest, 0)). This leads to a perman...
CVE-2025-69388 WordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through = 3.0.4...
CVE-2026-23545
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...
CVE-2026-23545
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...
PT-2026-20663
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through = 3.0.4...
CVE-2026-2532
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...
CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...
PT-2026-8308
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the Connection module. An attacker can access sensitive connection details by using READ permissions through both the API and the UI due to the regression that allows to bypass the...
PYSEC-2025-85
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
PT-2025-39520
Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...
CVE-2025-30588
Cross-Site Request Forgery CSRF vulnerability in ryanxantoo Map Contact map-contact allows Stored XSS.This issue affects Map Contact: from n/a through = 3.0.4...
WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability
CSRF to Stored XSS Vulnerability discovered by Abdi Pranata in WordPress Plugin Map Contact versions = 3.0.4...
PT-2024-19589 · Livewire · Livewire
Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...
PT-2023-24638 · WordPress · Miled Wordpress Social Login
Name of the Vulnerable Software and Affected Versions: Miled WordPress Social Login plugin versions = 3.0.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
PT-2020-7478 · Varnish · Varnish Http Cache
Name of the Vulnerable Software and Affected Versions: Varnish HTTP cache versions prior to 3.0.4 Description: The issue is related to an ACL bug in the Varnish HTTP cache. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents wher...
vBulletin Init.PHP unspecified vulnerability
The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation...