18 matches found
GHSA-9M6V-8FXC-4R44 Sulu: Used API Keys may be available via Admin API
Impact: The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field; Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...
CLEANSTART-2026-CY26398 Security fixes for CVE-2026-34986, ghsa-78h2-9frx-2jm8, ghsa-hfvc-g4fc-pqhx, ghsa-mh2q-q3fh-2475, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 3.0.5-r0, 3.0.6-r0
Multiple security vulnerabilities affect the grafana-mimir-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...
Linux Distros Unpatched Vulnerability : CVE-2025-32997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CVE-2025-32997 Note that Nessus relies on the...
CVE-2025-48355 WordPress ProveSource Social Proof plugin <= 3.0.5 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data. This issue affects ProveSource Social Proof: from n/a through 3.0.5...
WordPress ProveSource Social Proof plugin <= 3.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao BlueRock in WordPress Plugin ProveSource Social Proof versions <= 3.1.2...
PT-2025-34185 · WordPress · Provesource Social Proof
Name of the Vulnerable Software and Affected Versions: ProveSource Social Proof versions n/a through 3.0.5 Description: ProveSource Social Proof contains a flaw that allows the retrieval of embedded sensitive data, leading to the exposure of confidential system information to an unauthorized...
CVE-2023-35884
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin = 3.0.5 versions...
Passport-wsfed-saml2 security vulnerability
Passport-wsfed-saml2 is an Auth0 open source token authentication provider program. A security vulnerability exists in Passport-wsfed-saml2 versions 3.0.5 through 4.6.3, which stems from SAML response tampering and could lead to user impersonation...
PT-2025-5440 · Vform · Vform
Name of the Vulnerable Software and Affected Versions: VForm versions through 3.0.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 3.0.5, update to a...
PT-2024-33380
Name of the Vulnerable Software and Affected Versions: Shafiq Digital Lottery versions 3.0.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to...
PT-2024-23463 · Typps · Typps Calendarista Basic Edition
Name of the Vulnerable Software and Affected Versions: typps Calendarista Basic Edition versions 3.0.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects typps Calendarista Basic Edition. Recommendations: For versions 3.0.5 and...
PT-2024-3289 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 3.0.5 through 3.0.7 Fortinet FortiSandbox versions 3.2.0 through 3.2.4 Fortinet FortiSandbox versions 4.0.0 through 4.0.5 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions 4.4.0...
PT-2024-23991 · Unknown · Themepoints Testimonials
Name of the Vulnerable Software and Affected Versions: Themepoints Testimonials versions 3.0.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scripts ...
PT-2020-17158 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON plugin versions 3.0.5 and earlier Description: The issue allows for XSS via the search field in the addons/?q= endpoint. This is a security concern as it can be exploited to inject malicious scripts. Recommendations: For versions 3.0....
Croogo cross-site scripting vulnerability (CNVD-2019-03589)
Croogo is a content management system (CMS) built on the CakePHP framework. It provides customizable content types (Blog, Node, Page), content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...
Invitex, 3.0.5, SQL Injection
Invitex by techjoomla.com, versions 3.0.5 and previous, SQL Injection resolution: update to 3.0.6 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
Woltlab Burning Board Multiple Input Validation Vulnerabilities
Woltlab Burning Board is prone to multiple input-validation vulnerabilities, including: - Multiple security that may allow attackers to delete private messages - A cross-site scripting vulnerability - Multiple URI redirection vulnerabilities Attackers can exploit these issues to delete private...