25 matches found
EUVD-2026-29008
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...
CVE-2026-8221
Dev s Palace ERP Online (versions up to 4.0.0) is affected by a cross-site scripting flaw in the /inventory/item-save function. The issue stems from a manipulation that enables XSS, with remote exploitation possible and an exploit published. The records indicate the vendor was contacted but did n...
CoolerControl 访问控制错误漏洞
CoolerControl is an open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained a access control vulnerability. This vulnerability stemmed from unvalidated functions, which could allow unauthenticated attackers to view and modify...
PT-2026-29611
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
Mbed TLS 安全漏洞
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions of Mbed TLS from 3.5.0 to 4.0.0 contain security vulnerabilities, which stem from the potential for client impersonation when restoring TLS 1.3 sessions...
EUVD-2025-205508
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-62013
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through = 4.0.0...
EUVD-2023-36820
Malicious code in bioql PyPI...
EUVD-2024-45480
Malicious code in bioql PyPI...
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...
CVE-2025-1647
CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....
CVE-2024-54125
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
PT-2024-39524 · Express · Express
Name of the Vulnerable Software and Affected Versions: Express versions 3.4.5 through 4.0.0 Description: This issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, affecting the use of the Express Response object. Recommendations: For Express...
CVE-2024-30481
Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0...
Apache Hive Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
PT-2024-19098 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows an adjacent attacker to execute arbitrary code in any apps through use after free. Recommendations: For OpenHarmony versions prior to 4.0.0, update to a version 4.0.0 or later ...
PT-2024-19088 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows a local attacker to cause a heap overflow through an integer overflow. Recommendations: For versions prior to 4.0.0, update to a version that contains a fix for this issue. At...
PT-2023-32590 · 52North · 52North Wps
Name of the Vulnerable Software and Affected Versions: 52North WPS versions prior to 4.0.0-beta.11 Description: An XXE XML External Entity vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP...
PT-2023-27056 · Unknown · Tvcmsvideotab
Name of the Vulnerable Software and Affected Versions: theme volty tvcmsvideotab versions up to 4.0.0 Description: The issue is a SQL injection vulnerability. It occurs via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run. Recommendations: For versions up to 4.0.0, as a temporar...