9 matches found
CVE-2025-57403
Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
PT-2024-26268 · Taurusxin · Ncmdump
Name of the Vulnerable Software and Affected Versions: taurusxin ncmdump version 1.3.2 Description: The issue allows attackers to cause a Denial of Service DoS via memory exhaustion by supplying a crafted .ncm file. Recommendations: For version 1.3.2, consider avoiding the use of crafted .ncm fil...
WordPress Popup4Phone Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Popup4Phone Type Plugin Vulnerable versions = 1.3.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3231 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a2ba7555452 Credits Bob Matyas Required...
WordPress ARI Stream Quiz Plugin <= 1.3.2 is vulnerable to Content Injection
Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Content Injection CVE CVE-2023-47513 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 942a7b806fcf Credits Abdi Pranata Required privilege...
WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control
Software Grid Plus Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34014 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd240d0353de Credits Abdi Pranata Required privilege...
WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Balkon Type Theme Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36502 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 90ca41d6439b Credits RE-ALTER Required privilege...
PYSEC-2022-36
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher...
ImageWorsener Denial of Service Vulnerability
ImageWorsener is a set of image scaling and processing utilities. A security vulnerability exists in the 'getrawsampleint' function in the imagew-main.c file of the libimageworsener.a file in ImageWorsener version 1.3.2. When libjpeg 8d is used, an attacker can exploit this vulnerability to cause...