4 matches found
CVE-2025-54806
GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...
CVE-2024-32869
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...
CVE-2022-4501
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
DEBIAN-CVE-2014-9293
The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...