4 matches found
CVE-2026-32889
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
WordPress SimpleForm Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software SimpleForm Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10883 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9428f96f6e1 Credits Peter Thaleikis Required...
PT-2024-39629 · WordPress · Wpglobus Translate Options
Name of the Vulnerable Software and Affected Versions: WPGlobus Translate Options plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is due to missing or incorrect nonce validation on the on translate options page function, making it possible for unauthenticated...