9 matches found
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-44308
CVE-2026-44308 concerns Spring Cloud AWS, where the SNS HTTP/HTTPS endpoint support methods (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) failed to verify incoming SNS message signatures from versions 3.0.0 through 4.0.1. An unauthent...
be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0-M1 <=4.0.1)
io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0-M1, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799818...
CRLF Injection
Overview sse-channel is a Server-Sent Events "channel" where all messages are broadcasted to all connected clients, history is maintained automatically and server attempts to keep clients alive by sending "keep-alive" packets automatically. Affected versions of this package are vulnerable to CRLF...
CVE-2025-40941
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks...
WordPress Streamit plugin <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by István Márton in WordPress Theme Streamit versions = 4.0.1...
WordPress Super Testimonials plugin <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Testimonials versions = 4.0.1...
PT-2023-12541 · What3Words · What3Words Autosuggest Plugin
Name of the Vulnerable Software and Affected Versions: what3words Autosuggest Plugin versions up to 4.0.0 Description: A vulnerability has been found in the what3words Autosuggest Plugin, classified as problematic. The issue affects the enqueue scripts function of the file...
PT-2023-16322 · Isoftforce · Isoftforce Dreamer Cms
Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS versions up to 4.0.1 Description: A vulnerability has been found in the software, classified as problematic, and it affects unknown code. The manipulation of this issue leads to cross site scripting. The attack can be...