39 matches found

Snyk
added 2026/05/24 8:48 p.m. · 7 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the AddressRepository::getSqlQuery method that constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore...

8.2 CVSS · 5.8 AI score · 0.0004 EPSS
Exploits 0 · References 2

CNNVD
added 2026/04/22 12:0 a.m. · 3 views

Textpad Buffer Error Vulnerability

Textpad is a lightweight text editor developed by Textpad Inc. Version 8.1.2 of Textpad contains a buffer overflow vulnerability. This vulnerability stems from a denial-of-service vulnerability, which could allow local attackers to cause the application to crash by providing an overly long buffer...

6.9 CVSS · 6.1 AI score · 0.00016 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 9:30 a.m. · 3 views

CVE-2023-43664

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is...

4.3 CVSS · 6.8 AI score · 0.00239 EPSS
Exploits 0 · References 1

CVE
added 2025/11/05 4:23 p.m. · 7 views

CVE-2025-45378

CVE-2025-45378 (Dell CloudLink) affects Dell CloudLink running versions 8.0–8.1.2, with a vulnerability in the restricted shell that allows a privileged user with a known password to break into the CloudLink server command shell and escalate privileges, gaining unauthorized system access. If SSH ...

9.1 CVSS · 7 AI score · 0.00071 EPSS
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-8833

Malicious code in bioql PyPI...

7.8 CVSS · 6.3 AI score · 0.00048 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-2510

Malicious code in bioql PyPI...

4.3 CVSS · 4.7 AI score · 0.00239 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/09/15 12:0 a.m. · 2 views

PT-2025-37729

Name of the Vulnerable Software and Affected Versions: Explorance Blue version 8.1.2 Description: Explorance Blue version 8.1.2 contains multiple Cross Site Scripting (XSS) vulnerabilities in input fields. These vulnerabilities allow attackers to inject arbitrary JavaScript code into a user’s browser...

6.1 CVSS · 6.2 AI score · 0.00093 EPSS
Exploits 1 · References 7

MongoDB
added 2025/09/05 8:48 p.m. · 6 views

Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

6.5 CVSS · 6.8 AI score · 0.0014 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2024/03/14 10:51 p.m. · 36 views

Default credentials

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

7.3 AI score · 0.00127 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/03/08 2:15 a.m. · 1 views

CVE-2024-25848

In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions...

5.9 CVSS · 5.8 AI score · 0.0004 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/03/07 12:0 a.m. · 2 views

PT-2024-21160 · Unknown · Ever Ultimate Seo

Name of the Vulnerable Software and Affected Versions: Ever Ultimate SEO everpsseo versions 8.1.2 and earlier Description: A SQL injection issue exists, allowing a guest to perform malicious actions in affected versions. Recommendations: For versions 8.1.2 and earlier, update to a version later...

5.9 CVSS · 8.3 AI score · 0.0004 EPSS
Exploits 0 · References 5

OSV
added 2024/03/06 11:2 a.m. · 17 views

BIT-PRESTASHOP-2023-43663 Improper Privilege Management in Prestashop

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shop's functionality. Commit ce1f6708 addresses this issue and is included i...

6.3 CVSS · 5.2 AI score · 0.00102 EPSS
Exploits 0 · References 3

OSV
added 2024/03/06 11:2 a.m. · 9 views

BIT-PRESTASHOP-2023-43664 Employee without any access rights can list all installed modules in Prestashop

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is...

4.3 CVSS · 4.4 AI score · 0.00239 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/17 12:0 a.m. · 2 views

Avaya Aura Experience Portal Information Disclosure Vulnerability

Avaya Aura Experience Portal is the next-generation Avaya Voice Portal from Avaya, Inc. providing organizations with a single point of orchestration for all automated voice and multimedia applications and services. Experience Portal supports SIP, IP, TDM or hybrid environments. It includes powerfu...

5.7 CVSS · 5.9 AI score · 0.00072 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/16 12:0 a.m. · 1 views

Oracle Financial Services Applications Security Vulnerability

Oracle Financial Services Applications is a set of financial services software from Oracle. The product includes core banking, online banking and property management, etc. Financial Services Analytical Applications Infrastructure is one of the financial services analytical applications...

7.4 CVSS · 5.5 AI score · 0.00168 EPSS
Exploits 0 · References 2

OSV
added 2023/09/28 6:16 p.m. · 12 views

CVE-2023-43664 Employee without any access rights can list all installed modules in Prestashop

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is...

4.3 CVSS · 4.7 AI score · 0.00239 EPSS
Exploits 0 · References 4

OSV
added 2023/09/28 6:13 p.m. · 14 views

CVE-2023-43663 Improper Privilege Management in Prestashop

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shop's functionality. Commit ce1f6708 addresses this issue and is included i...

6.3 CVSS · 5 AI score · 0.00102 EPSS
Exploits 0 · References 4

Github Security Blog
added 2023/09/28 4:26 p.m. · 40 views

PrestaShop allows employee without any access rights to list all installed modules

Impact: In BO, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. Patches: Fixed on 8.1.2. Workarounds References...

4.3 CVSS · 6.9 AI score · 0.00239 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/09/28 4:26 p.m. · 15 views

GHSA-GVRG-62JP-RF7J PrestaShop allows employee without any access rights to list all installed modules

Impact: In BO, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. Patches: Fixed on 8.1.2. Workarounds References...

4.3 CVSS · 4.5 AI score · 0.00239 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/28 12:0 a.m. · 1 views

PT-2023-28909 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.2 Description: The issue concerns the PrestaShop Back office interface, where an employee can list all modules without any access rights due to the method ajaxProcessGetPossibleHookingListForModule not checkin...

4.3 CVSS · 4.3 AI score · 0.00239 EPSS
Exploits 0 · References 11