5 matches found
CVE-2026-25757
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...
CVE-2023-45859
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...
Parse Server Security Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.19 or 5.3.2; it stems from an attacker's ability to pollute prototypes via cloud code web hooks or cloud code...
Phusion Passenger nginx module elevation of privilege vulnerability
Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. The nginx module is one of the Nginx server modules. A security vulnerability in the nginx module in Phusion Passenger versions 5.3.2 through 3.x excluding versio...
Cybozu Mailwise Information Disclosure Vulnerability (CNVD-2016-06382)
Cybozu Mailwise is a web-based e-mail system. An information disclosure vulnerability exists in Cybozu Mailwise 5.0.0 through 5.3.2, which can be exploited by remote attackers to obtain sensitive information...