14 matches found
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
CVE-2025-53421 WordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through <= 2.3.14...
PT-2025-38784
Name of the Vulnerable Software and Affected Versions: Aurélien LWS LWS Affiliation versions through 2.3.6 Description: A Cross-Site Request Forgery (CSRF) issue exists in Aurélien LWS LWS Affiliation. This allows for the execution of unwanted actions on behalf of an authenticated user. The issue...
PT-2025-33082 · Traq · Traq
Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...
CVE-2024-32124
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...
cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +98 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.1)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop pkcustomlinks 2.3 and earlier versions, which stems from the presenc...
IBM CloudPak for Multicloud Monitoring Security Vulnerability
IBM CloudPak for Multicloud Monitoring is an open hybrid cloud management platform from IBM USA. A security vulnerability exists in IBM CloudPak for Multicloud Monitoring versions 2.0 through 2.3 that stems from vulnerability to host information leakage or corruption...
CVE-2020-24407
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...
PT-2020-2776 · Openjpeg +6 · Openjpeg +6
Name of the Vulnerable Software and Affected Versions: OpenJPEG versions 2.3.1 through 2020-01-28 Description: The issue is related to a heap-based buffer overflow in the opj_t1_clbl_decode_processor function of the OpenJPEG library, specifically in the openjp2/t1.c file when qmfbid==1. This can ...
DEBIAN-CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3...
UBUNTU-CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available...
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview: The JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network. Impact: Malicious users can exploit this vulnerability to execute...
PYSEC-2013-38
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...