18 matches found
PT-2026-24108
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...
EUVD-2020-0572
Malware in sbrugna...
WordPress Order Export for WooCommerce plugin <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Order Export for WooCommerce versions <= 3.24...
WordPress plugin Order Export for WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2024-8863
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...
PT-2024-39281 · Aimhubio · Aimhubio Aim
Name of the Vulnerable Software and Affected Versions: aimhubio aim versions up to 3.24 Description: A problematic issue was found in the dangerouslySetInnerHTML function of the textbox.tsx file in the Text Explorer component. The manipulation of the query argument leads to cross-site scripting. ...
PT-2024-30421 · Woocommerce · Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Export for WooCommerce versions prior to 3.24 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the Order Export for WooCommerce plugin. To remediate the issue, upgrading t...
Noname Security Platform Updates: 3.24 Release
...
WebwinkelKeur < 3.25 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions...
DEBIAN-CVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name...
PT-2022-2044 · Nbd +6 · Nbd +6
Name of the Vulnerable Software and Affected Versions: nbd versions prior to 3.24 Description: The issue is related to a stack-based buffer overflow in the nbd-server. An attacker can cause a buffer overflow by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length ...
CVE-2021-40339
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26...
Libsvm security vulnerability
Libsvm is a simple, easy-to-use and efficient software for SVM classification and regression. A denial of service vulnerability exists in svm_predict_values in svm.cpp in Libsvm version 324. An attacker can exploit this vulnerability to cause a denial of service segmentation error via a specially...
Cross site scripting
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...
GHSA-W534-Q4XF-H5V2 XSS in Mapfish Print relating to JSONP support
Impact: A user can use the JSONP support to do a Cross-site scripting. Patches: Use version >= 3.24. Workarounds: No. References: https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e https://cwe.mitre.org/data/definitions/79.html For more information If you...
XXE attack in Mapfish Print
Impact: A user can do an XML External Entity (XXE) attack with the provided SDL style. Patches: Use version >= 3.24. Workarounds: No. References: https://cwe.mitre.org/data/definitions/611.html https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e For more...
GHSA-VJV6-GQ77-3MJW XXE attack in Mapfish Print
Impact: A user can do an XML External Entity (XXE) attack with the provided SDL style. Patches: Use version >= 3.24. Workarounds: No. References: https://cwe.mitre.org/data/definitions/611.html https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e For more...
firmCHANNEL Indoor & Outdoor Digital Signage 3.24 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/32107/info firmCHANNEL Indoor & Outdoor Digital SIGNAGE is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...