48 matches found

RedhatCVE
added 2025/05/14 12:14 p.m. · 9 views

CVE-2025-40627

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0 that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform...

CVSS 5.1 · AI score 5.9 · EPSS 0.00167
Exploits 0 · References 3
CVE
added 2025/05/12 11:31 a.m. · 45 views

CVE-2025-40626

CVE-2025-40626 corresponds to a reflected XSS in AbanteCart v1.4.0. The issue affects the /about_us endpoint where a malicious XSS payload can be reflected to the victim, enabling JavaScript execution that could steal session cookies or perform actions on behalf of the user, as described in multi...

CVSS 6.1 · AI score 5.6 · EPSS 0.00167
Exploits 0 · References 1 · Affected Software 1
OSV
added 2025/03/03 4:21 p.m. · 8 views

GHSA-VH64-54PX-QGF8 Goroutine Leak in Abacus SSE Implementation

Summary: A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and...

CVSS 7.5 · AI score 6.5 · EPSS 0.00195
Exploits 0 · References 6
NVD
added 2024/11/26 9:15 p.m. · 13 views

CVE-2024-50942

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml...

CVSS 9.8 · EPSS 0.00109
Exploits 0 · References 3
CVE
added 2024/11/26 12:00 a.m. · 45 views

CVE-2024-50942

CVE-2024-50942 affects qiwen-file v1.4.0, with a SQL injection vulnerability in the /mapper/NoticeMapper.xml component. The issue is reported as high impact (CVSSv3.1: 9.8, Confidentiality/Integrity/Availability = HIGH) and exploitable over NETWORK with no user interaction. Documentation consiste...

CVSS 9.8 · AI score 8.3 · EPSS 0.00109
Exploits 0 · References 3
Cvelist
added 2024/11/26 12:00 a.m. · 14 views

CVE-2024-50942

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml...

EPSS 0.00109
Exploits 0 · References 3
Vulnrichment
added 2024/11/26 12:00 a.m. · 16 views

CVE-2024-50942

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml...

AI score 8.5 · EPSS 0.00109
Exploits 0 · References 3
OSV
added 2024/09/25 9:30 a.m. · 10 views

GHSA-48CR-J2CX-MCR8 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

CVSS 6.9 · AI score 5.2 · EPSS 0.00806
Exploits 0 · References 15
OSV
added 2024/08/21 3:11 p.m. · 12 views

GO-2022-0620 HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault...

CVSS 4.4 · AI score 4.9 · EPSS 0.00032
Exploits 0 · References 5
0day.today
added 2024/06/13 12:00 a.m. · 245 views

VSCode ipynb Remote Code Execution Exploit

VSCode, when opening a Jupyter notebook .ipynb file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...

CVSS 7.8 · AI score 8.1 · EPSS 0.63197
Exploits 3
Github Security Blog
added 2023/12/04 11:13 p.m. · 13 views

Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

Impact: Any CLI command issued to a Coordinator after the Manifest has been set is susceptible to being redirected to another MarbleRun Coordinator instance, which runs the same binary but potentially a different manifest. Patches: The issue has been patched in v1.4.0. Workarounds: Directly using the...

AI score 7.2
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/12/04 11:13 p.m. · 3 views

GHSA-J3RQ-4XJW-XG63 Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

Impact: Any CLI command issued to a Coordinator after the Manifest has been set is susceptible to being redirected to another MarbleRun Coordinator instance, which runs the same binary but potentially a different manifest. Patches: The issue has been patched in v1.4.0. Workarounds: Directly using the...

AI score 7.2
Exploits 0 · References 3
OSV
added 2023/10/18 10:15 p.m. · 9 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVSS 6.1 · AI score 6.3
Exploits 0 · References 2
Positive Technologies
added 2023/05/26 12:00 a.m. · 3 views

PT-2023-21686 · Oracle +2 · Solaris +2

Name of the Vulnerable Software and Affected Versions: ESS REC Agent Server Edition for Linux versions V1.0.0 through V1.4.3; ESS REC Agent Server Edition for Solaris versions V1.1.0 through V1.4.0; ESS REC Agent Server Edition for HP-UX versions V1.1.0 through V1.4.0; ESS REC Agent Server Edition f...

CVSS 8.1 · AI score 7.1 · EPSS 0.00417
Exploits 0 · References 5
Prion
added 2023/01/30 11:15 a.m. · 9 views

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

CVSS 5 · AI score 7.2 · EPSS 0.00322
Exploits 0 · References 1 · Affected Software 2
Tenable Nessus
added 2022/12/28 12:00 a.m. · 30 views

EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2022-2921)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in...

CVSS 9.8 · AI score 7.3 · EPSS 0.92544
Exploits 2 · References 3
Prion
added 2022/09/13 3:15 p.m. · 25 views

SQL injection

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

CVSS 7.5 · AI score 9.7 · EPSS 0.00322
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/06/23 5:15 p.m. · 23 views

CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...

CVSS 5.5 · EPSS 0.00091
Exploits 1 · References 3
OSV
added 2022/06/23 5:15 p.m. · 26 views

CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...

CVSS 5.5 · AI score 5.1
Exploits 0 · References 3
UbuntuCve
added 2022/06/23 12:00 a.m. · 38 views

CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...

CVSS 5.5 · AI score 6.4 · EPSS 0.00091
Exploits 1 · References 4