4 matches found
CVE-2024-33102
A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2025-46614
The CVE-2025-46614 issue affects the Snowflake ODBC Driver prior to 3.7.0, where certain code paths log the entire SQL query at INFO level, enabling potential exposure of sensitive information. This vulnerability has a low base score (CVSS 3.1: 3.3) with LOCAL, LOW impact on confidentiality and n...
CVE-2024-40456
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...