
29 matches found

Vulnrichment
added 2026/06/01 5:49 p.m., 6 views

CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00067
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-7747

Malware in sbrugna...

CVSS: 8.8, AI score: 7.6, EPSS: 0.03728
Exploits: 0, References: 8
Tenable Nessus
added 2025/04/10 12:00 a.m., 5 views

Moodle 4.3.x < 4.3.8 Reflected XSS In Question Bank Filter

According to its self-reported version, the Moodle install hosted on the remote host is 4.3.x prior to 4.3.8 or 4.4.4 prior to 4.4.5 or 4.5.x prior to 4.5.1 . It is, therefore, affected by a Reflected XSS in question bank filter. Note that the scanner has not tested for these issues but has inste...

AI score: 6.5
Exploits: 0, References: 3
Tenable Nessus
added 2025/04/10 12:00 a.m., 2 views

Moodle 4.3.x < 4.3.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00393
Exploits: 0, References: 9
Tenable Nessus
added 2024/02/02 12:00 a.m., 79 views

WordPress 4.3.x < 4.3.33 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

AI score: 7.6
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:36 a.m., 2 views

SUSE CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

CVSS: 9.8, AI score: 7.3, EPSS: 0.0129
Exploits: 0, References: 3
OpenVAS
added 2022/04/11 12:00 a.m., 19 views

XWiki Information Disclosure Vulnerability (GHSA-97jg-43c9-q6pf)

XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS: 5.3, AI score: 6.1, EPSS: 0.04317
Exploits: 1, References: 1
Tenable Nessus
added 2022/01/07 12:00 a.m., 16 views

WordPress 4.3.x < 4.3.27 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

AI score: 7.2
Exploits: 0, References: 2
Cvelist
added 2021/09/29 5:50 p.m., 12 views

CVE-2021-41573

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00204
Exploits: 0, References: 2
IBM Security Bulletins
added 2020/05/21 3:16 p.m., 28 views

Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty

Summary There are vulnerabilities in Swagger that affects WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...

CVSS: 9.8, AI score: 1, EPSS: 0.11565
Exploits: 1, Affected Software: 1
OpenVAS
added 2020/01/09 12:00 a.m., 59 views

Openfire 4.3.x < 4.5.0 Multiple XSS Vulnerabilities

Openfire is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.1, AI score: 6.1, EPSS: 0.014
Exploits: 4, References: 2
Tenable Nessus
added 2019/10/16 12:00 a.m., 18 views

Atlassian Jira Service Desk 4.3.x < 4.3.4 Path Traversal Vulnerability

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is prior to 3.9.16, 3.10.x prior to 3.16.8, 4.0.x prior to 4.1.3, 4.2.x prior to 4.2.5, 4.3.x prior to 4.3.4 or 4.4.x prior to 4.4.1. It is, therefore, affected by a path traversa...

CVSS: 7.5, AI score: 7.8, EPSS: 0.0168
Exploits: 1, References: 3
IBM Security Bulletins
added 2018/10/25 8:55 p.m., 21 views

Security Bulletin: Vulnerability in WebSphere Liberty ORB client

Summary There's a vulnerability in WebSphere Liberty ORB client used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1683 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, cause...

CVSS: 7.5, AI score: 1.5, EPSS: 0.00169
Exploits: 0, Affected Software: 1
Github Security Blog
added 2018/10/17 8:02 p.m., 61 views

Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS: 6.5, AI score: 5.4, EPSS: 0.01176
Exploits: 0, References: 15, Affected Software: 1
NVD
added 2018/03/13 1:29 p.m., 15 views

CVE-2016-9575

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00272
Exploits: 0, References: 3
Packet Storm
added 2018/02/09 12:00 a.m., 67 views

JBoss 4.2.x / 4.3.x Information Disclosure

Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X Date: 02/08/2018 Exploit Author: JameelNabbo Vendor Homepage: http://www.jboss.org Software Link: http://jbossas.jboss.org/downloads Version: 4.2X. & 4.3.X Tested on: Linux Ubuntu CVE : CVE-2010-1429 1. Description By requesting t...

CVSS: 5, AI score: 9.2, EPSS: 0.27359
Exploits: 8
OpenVAS
added 2017/12/13 12:00 a.m., 166 views

QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities

QNAP QTS is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

CVSS: 9.8, AI score: 8.4, EPSS: 0.4327
Exploits: 2, References: 4
OpenVAS
added 2016/08/02 12:00 a.m., 36 views

Bugzilla Multiple Vulnerabilities

Bugzilla is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:bugzilla"; if description...

CVSS: 4.7, AI score: 5.7, EPSS: 0.00401
Exploits: 2, References: 1
OpenVAS
added 2015/11/24 12:00 a.m., 38 views

phpMyAdmin Security Bypass Vulnerability (Nov 2015) - Linux

phpMyAdmin is prone to reCaptcha bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS: 5, AI score: 6.3, EPSS: 0.21219
Exploits: 2, References: 2
Prion
added 2015/09/14 1:59 a.m., 15 views

Design/Logic Flaw

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha...

CVSS: 5, AI score: 7, EPSS: 0.21219
Exploits: 2, References: 8, Affected Software: 1