4 matches found
CVE-2026-33543
FOSSBilling versions 0.7.2 and earlier expose a guest API endpoint /api/guest/staff/create intended for initial admin bootstrap. A flawed admin-existence check (is_countable() used on a Model_Admin object or null) makes the guard always evaluate true, allowing unauthenticated creation of an admin...
CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...
CVE-2022-25303
The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...
PT-2018-2666 · Opensuse +4 · Libsolv +4
Name of the Vulnerable Software and Affected Versions: libsolv versions through 0.7.2 Description: The issue is related to errors in resource management, specifically in the pool whatprovides function of the libsolv library. It may allow a remote attacker to cause a denial of service. However, it...