CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2025-64325
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
DEBIAN-CVE-2025-48945
pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS...
SUSE CVE-2025-32780
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...
WordPress AI Infographic Maker plugin <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Infographic Maker – iList versions <= 4.9.0...
ric-plt-lib-rmr security vulnerability
ric-plt-lib-rmr is an open source message router library from O-RAN Software Community. Applications can use it to send messages to other RMR-based applications. A security vulnerability exists in ric-plt-lib-rmr version v4.9.0, which originates from not verifying the source of a received routing...
SEO Panel SQL Injection Vulnerability
SEO Panel is an open source panel for managing website SEO Search Engine Optimization. A security vulnerability exists in SEO Panel version 4.9.0, which was discovered to contain an SQL injection vulnerability via the username parameter of the getUserName function in the api/user.api.php file. An...
tcpdump buffer overflow vulnerability (CNVD-2017-02243)
tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tool allows users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. A buffer overflow vulnerability exists in the juniper_parse_header...
ALPINE-CVE-2016-7932
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum...
DEBIAN-CVE-2016-7985
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print...