CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVE-2026-23795

CVE-2026-23795 describes an XML External Entity (XXE) vulnerability in the Apache Syncope Console. An administrator with sufficient entitlements to create or edit Keymaster parameters can craft malicious XML text to trigger XXE, potentially leaking sensitive data. Affected versions: Apache Syncop...

WordPress plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent 安全漏洞

...

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

PT-2025-33886 · Unknown · Neurobin Shc

Name of the Vulnerable Software and Affected Versions: neurobin shc versions through 4.0.3 Description: A security flaw has been discovered in the Environment Variable Handler component of neurobin shc. The make function within the src/shc.c file is affected, resulting in operating system command...

CVE-2021-28398

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScri...

WordPress plugin Booking Calendar and Notification 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2024-12778 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2024-12778 Source advisory: SNYK:PYTHON-AIM-9511127...

CVE-2024-45150

Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2024-6882 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 4.0.3 and earlier Description: The issue is related to an out-of-bounds write vulnerability in Adobe Dimension, which can lead to arbitrary code execution in the context of the current user. Exploitation of this issue...

CVE-2023-23639

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3...

PT-2023-4363 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2 Description: A use after free issue in ONLYOFFICE DocumentServer allows remote attackers to run arbitrary code via a crafted JavaScript file. This issue is related to the JavaScript File...

PT-2022-9201 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.43 Smarty versions prior to 4.0.3 Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static php methods...

Theonedev Onedev 信息泄露漏洞

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev Onedev versions prior to...

UBUNTU-CVE-2020-8244

A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...

Design/Logic Flaw

mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920...