3 matches found
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
SUSE CVE-2021-20234
An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...