16 matches found
GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
Juju 安全漏洞
Juju is a canonical Juju open-source application orchestration engine. Versions of Juju from 3.1.6 to 3.6.18 have security vulnerabilities. These vulnerabilities stem from an authorization bypass in the Vault key backend implementation, which may allow authenticated unit agents to execute...
Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability
Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...
CVE-2026-21343 Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2026-21341 Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21342
Adobe Substance3D Stager
CVE-2026-21345
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2025-12393
CVE-2025-12393 affects the WordPress plugin Free Quotation up to version 3.1.6. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping in admin settings. Exploitation requires authentication at administrator level or higher, and affec...
WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Bao - BlueRock in WordPress Plugin Advanced Database Cleaner versions = 3.1.6...
CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...
PT-2024-35237 · Unknown · Clarisse K. Writer Helper
Name of the Vulnerable Software and Affected Versions: Clarisse K. Writer Helper versions 3.1.6 and earlier Description: The issue allows users to upload dangerous files, potentially enabling web server compromise by uploading a web shell. This can be exploited by attackers to gain unauthorized...
CVE-2022-29410
Authenticated SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via...
PT-2022-2029
Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions Description The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...