17 matches found
CVE-2026-8978
The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33671 via picomatch (>=1.2.0 <=2.3.1)
picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...
PT-2026-20459
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...
PT-2025-34508 · WordPress · Wc Plus
Name of the Vulnerable Software and Affected Versions: WC Plus plugin for WordPress versions up to and including 1.2.0 Description: The WC Plus plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the pluswc logo favicon logo base API...
PT-2025-34374 · Dpanel · Dpanel
Name of the Vulnerable Software and Affected Versions: dpanel versions 1.2.0 through 1.7.2 Description: dpanel is a server management panel written in Go. Versions of the software allow authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint...
CVE-2023-31453
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
PT-2024-26352 · Unknown · Hidden Depth Sticky Banner
Name of the Vulnerable Software and Affected Versions: Hidden Depth Sticky banner versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can...
PT-2024-25229
Name of the Vulnerable Software and Affected Versions kubevirt versions 1.2.0 and earlier Description The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This can be done by sending a crafted command to the /kubevirt.io/kubevirt API...
NuProcess 安全漏洞
NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge's personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly...
PT-2022-24180 · WordPress · Export Post Info
Name of the Vulnerable Software and Affected Versions: Export Post Info plugin versions 1.2.0 and earlier Description: The issue is related to an Authenticated CSV Injection vulnerability. This vulnerability affects the Export Post Info plugin at WordPress, where an authenticated user with author...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2019-1003010 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.1)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-1003010 Source advisory: OSV:GHSA-R8RW-XX57-M64Q...
PT-2021-10906 · Union Pay · Union Pay
Name of the Vulnerable Software and Affected Versions: Union Pay versions up to 1.2.0 Description: The issue allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code MAC generated based on a secret key which is NULL. This is due to an improper...
CloudBees Jenkins OpenShift Deployer Plugin Has Unspecified Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.OpenShift Deployer Plugin is used in one of the...
ae.teletronics.nlp:entityextraction (=1.3), au.gov.amsa.risky:spark (>=0.5.2 <=0.5.9) +269 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=1.6.3)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.5.2, =1.0.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =1.6.0, =1.0, =1.0.1, =1.0.0, =0.8.0, =0.8.2 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7...
org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
PT-2017-16779
Name of the Vulnerable Software and Affected Versions rubyzip gem versions prior to 1.2.1 Description The Zip::File component in the rubyzip gem has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ../ pathname...