17 matches found
EUVD-2025-28366
Malicious code in bioql PyPI...
CVE-2025-54381
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
WordPress Drag & Drop Builder plugin <= 1.4.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Drag & Drop Builder versions = 1.4.19...
CVE-2024-50447
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19...
WordPress plugin Elementor Templates & Widgets for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-34222 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: Envo's Elementor Templates & Widgets for WooCommerce versions 1.4.19 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored...
WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.19...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...
PrestaShop SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop eotags version prior to 1.4.19, which stems from the presence ...
xstream: Injecting highly recursive collections or maps can cause a DoS
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
lighttpd 1.4.19 mod_userdir区分大小写比较导致代码泄露漏洞
No description provided by source...
lighttpd 1.4.19 重复头部请求导致拒绝服务漏洞
No description provided by source...
Fedora 9 : squirrelmail-1.4.19-1.fc9 (2009-5471)
Fri May 22 2009 Michal Hlavinka - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka - 1.4.18-2 - fix undefined variable aSpamIds 501260 - Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - update to 1.4.18 fixes CVE-2009-1581 - Thu Dec 4...
PT-2009-3900 · Squirrelmail · Squirrelmail
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions prior to 1.4.19-1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This is due to an incomplete fix for a...
lighttpd -- multiple vulnerabilities
Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...
Gentoo Security Advisory GLSA 200804-08 (lighttpd)
The remote host is missing updates announced in advisory GLSA 200804-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Lighttpd < 1.4.19 Information Disclosure
Binary data 4411.prm...