22 matches found
CVE-2026-57636
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-48887
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-32366 WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...
WordPress New User Approve plugin <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling vulnerability
Unauthenticated Sensitive Information Disclosure via Type Juggling vulnerability discovered by Powpy in WordPress Plugin New User Approve versions = 3.0.9...
Unverified Password Change
Overview flowise-ui is a Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the authentication password without additional verification steps. Note: This is only...
CVE-2024-38764
Cross-Site Request Forgery CSRF vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9...
com.easy-flowable:easy-flowable-solon-plugin (>=1.0.0 <=1.0.2), com.luomor.pcsms:pcsms-solon-plugin-example (>=1.0.0 <=1.0.1) +17 more potentially affected by CVE-2025-1584 via org.noear:solon-web-staticfiles (>=2.9.2-M1 <=3.0.9-M2)
org.noear:solon-web-staticfiles MAVEN version =2.9.2-M1, =1.0.0, =1.0.0, =2024.3.0, =1.3.0, =20250107, =3.3.4, =1.8.4, =1.3.1, =1.7.8, =1.8.0, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =3.0.10-M1 and more Source cves: CVE-2025-1584 Source advisory: OSV:GHSA-X8Q6-CCHR-P7M6...
PT-2024-16298 · Vince · Vince
Name of the Vulnerable Software and Affected Versions: VINCE versions prior to 3.0.9 Description: The issue allows exposure of user information to authenticated users. Recommendations: For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue...
PT-2023-19869 · Premio · Premio Chaty Plugin
Name of the Vulnerable Software and Affected Versions: Premio Chaty plugin versions 3.0.9 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3191
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3191 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
PT-2023-23506 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.9 Description: The issue is related to improper encoding or escaping of output in the GitHub repository nilsteampassnet/teampass. This may have led to stored cross-site scripting XSS vectors in the application d...
CVE-2023-3009
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-2859 Code Injection in nilsteampassnet/teampass
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2022-4527
A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...
Design/Logic Flaw
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
PT-2020-5746 · Flask +3 · Flask-Cors +3
Name of the Vulnerable Software and Affected Versions: Flask-CORS versions prior to 3.0.9 Description: The issue is related to incorrect path naming checks in the Flask-CORS extension for handling resource sharing between sources. This allows a remote attacker to access private resources by...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server bundled with IBM i2 Intelligence Analysis Platform. (CVE 2015-7450)
Summary WebSphere Application Server is shipped as a component of IBM i2 Intelligence Analysis Platform. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin...