8 matches found
Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...
CVE-2025-49577
Citizen is a MediaWiki skin; multiple connected sources describe a stored XSS vulnerability in the preference menu headings caused by unsanitized insertion of messages into raw HTML. Affected versions are prior to 3.3.1, and the issue is fixed in 3.3.1. Remediation: upgrade citizen-skin to versio...
CVE-2025-49577 Citizen allows stored XSS in preference menu headings
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1...
CVE-2025-46828
WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint /html/socio/sistema/getsocios.php, specifically in the query parameter. This issue allows attackers to inject and execute arbitra...
module-from-string prototype pollution
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
CVE-2024-57072
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
GTKWave buffer overflow vulnerability (CNVD-2024-04846)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A buffer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .fst files...
CVE-2020-23590
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery CSRF attack to change the Password for "WLAN SSID" through "wlwpa.asp"...