20 matches found
CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...
CVE-2026-40192 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset, tritonserver-backend-vllm-cuda-12.9, open-webui, py3-vllm-cuda-12.4, text-generation-inference, litellm...
CVE-2023-30860
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
CVE-2019-18447
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions...
WordPress Order Delivery Date Pro for WooCommerce plugin < 12.4.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Order Delivery Date for WP e-Commerce versions 12.4.0...
FreeBSD Security Vulnerabilities
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from a denial of service DOS vulnerability in which the pf4 packet filter does not properly validate TCP sequence numbers. Affected products and versions: FreeBSD...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party can exploit the vulnerabilities to conduct a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or access sensitive data in the context of the victim's...
WWBN AVideo 命令注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A command injection vulnerability exists in WWBN AVideo versions prior to 12.4, which stems from the presence of a command injection vulnerability that can be exploited by an attacker to remotely execute code...
WWBN AVideo 操作系统命令注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo version prior to 12.4 suffers from an operating system command injection vulnerability that stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerabili...
WWBN AVideo 操作系统命令注入漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo versions prior to 12.4. An attacker can exploit the vulnerability to execute arbitrary code via the video link field to embed video link functionality...
CVE-2022-26753
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges...
CVE-2022-26750
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges...
UVI-2021-1000294 spi: stm32: Fix use-after-free on unbind
spi: stm32: Fix use-after-free on unbind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
UVI-2021-1000234 mt76: mt7615: Fix a dereference of pointer sta before it is null checked
mt76: mt7615: Fix a dereference of pointer sta before it is null checked This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
OPENSUSE-SU-2020:1243-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - update to 12.4: CVE-2020-14349, bsc1175193: Set a secure searchpath in logical replication walsenders and apply workers CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure...
CVE-2020-2723
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HT...
GitLab has an unspecified vulnerability (CNVD-2019-42896)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
Apple iOS, Apple tvOS and watchOS Core Data Component Resource Management Error Vulnerability
Apple iOS is an operating system developed for mobile devices. apple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. core data is one of the frameworks used to manage the model layer objects in an application. A resource management error vulnerability exists ...
CVE-2018-3046
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications subcomponent: Core module. Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network...
CVE-2017-2147
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...