52 matches found
CVE-2026-3209
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...
PT-2026-22042
Name of the Vulnerable Software and Affected Versions: fosrl Pangolin versions up to 1.15.4-s.3 Description: A flaw exists in the Role Handler component of fosrl Pangolin. Specifically, the verifyRoleAccess/verifyApiKeyRoleAccess function is susceptible to manipulation, resulting in improper access...
Pangolin access control error vulnerability
Pangolin is an open-source proxy software developed by Pangolin. Versions of Pangolin 1.15.4-s.3 and earlier contained a vulnerability related to access control. This vulnerability stemmed from improper access control in the function verifyRoleAccess/verifyApiKeyRoleAccess of the Role Handler...
EUVD-2008-4638
Malware in sbrugna...
EUVD-2021-32507
Malicious code in bioql PyPI...
EUVD-2022-0131
Malicious code in bioql PyPI...
CVE-2025-9020 PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument mavlinkshell leads to use...
PT-2025-33453 · Px4 · Px4-Autopilot
Name of the Vulnerable Software and Affected Versions: PX4 PX4-Autopilot versions through 1.15.4 Description: A use-after-free issue exists in the MavlinkReceiver::handle_message_serial_control function within the src/modules/mavlink/mavlink_receiver.cpp file of the Mavlink Shell Closing Handler...
UBUNTU-CVE-2024-39286
Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access...
PT-2025-6661 · Intel · Intel 800 Series Ethernet Driver
Name of the Vulnerable Software and Affected Versions: Intel(R) 800 Series Ethernet Driver versions prior to 1.15.4 Description: The issue is related to incorrect execution-assigned permissions in the Linux kernel mode driver. This may allow an authenticated user to potentially enable information...
WordPress 3D FlipBook plugin <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL vulnerability discovered by Tim Coen in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions <= 1.15.4...
WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.4 is vulnerable to Cross Site Scripting (XSS)
Software: 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery; Type: Plugin; Vulnerable versions: <= 1.15.4; Fixed in: 1.15.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3883; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5fa01e38a65b...
PT-2024-28236 · WordPress · 3D Flipbook
Name of the Vulnerable Software and Affected Versions: 3D FlipBook plugin for WordPress versions up to, and including, 1.15.4 Description: The issue is related to Stored Cross-Site Scripting via the Bookmark URL field due to insufficient input sanitization and output escaping. This allows...
OESA-2024-1426 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
BIT-GOLANG-2020-28362
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service...
CVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...
Gila CMS SQL Injection Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in Gila CMS version 1.15.4 and earlier, which originates from a vulnerability that could allow a remote attacker to execute arbitrary web scripts via the ID parameter of the login...
Improper Handling of Extra Parameters
Overview Affected versions of this package are vulnerable to Improper Handling of Extra Parameters due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
PT-2023-11748 · Gila Cms · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila CMS versions 1.15.4 and earlier Description: A SQL injection issue was discovered that allows a remote attacker to execute arbitrary web scripts via the user id parameter after the login portal. This enables the attacker to potentially...