205 matches found
CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...
WordPress plugin Tutor LMS Pro SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Deserialization of Untrusted Data
Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.load function. An attacker can execute arbitrary commands by uploading a maliciously crafted adapter model file tha...
Deserialization of Untrusted Data
Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...
Bolt CMS 安全漏洞
Bolt CMS is a PHP-based open source content management system from Bolt CMS Open Source. A security vulnerability exists in Bolt CMS 3.7.0 and prior versions that originates from allowing an authenticated user to inject arbitrary PHP code into the displayname field, which could lead to remote cod...
CVE-2024-47393
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohamed Magdy Quill Forms quillforms allows Stored XSS.This issue affects Quill Forms: from n/a through = 3.7.0...
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...
CVE-2021-21296
Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the...
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
WordPress plugin Cost of Goods for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
PT-2025-18087 · Snowflake · Snowflake Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Snowflake ODBC Driver versions prior to 3.7.0 Description: The issue concerns the logging of sensitive information. In certain code paths, the whole SQL query was logged at the INFO level. This could potentially lead to the exposure of...
AZL-60523 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.7.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
WordPress plugin MinimogWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress MinimogWP theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion vulnerability
Unauthenticated Local PHP File Inclusion vulnerability discovered by Lucio Sá in WordPress Theme MinimogWP versions = 3.7.0...
CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
DEBIAN-CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
CVE-2024-9358
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...
WordPress Quill Forms plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Quill Forms versions = 3.7.0...