10 matches found
@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)
@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16754949...
WordPress Submission DOM tracking for Contact Form 7 plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Submission DOM tracking for Contact Form 7 versions = 2.1...
PT-2025-4559 · Unknown · Miloš Đekić Inline Tweets
Name of the Vulnerable Software and Affected Versions: Miloš Đekić Inline Tweets versions n/a through 2.0 Description: The issue is related to an improper neutralization of input during web page generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attack...
CVE-2024-7780
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...
PT-2024-26336 · Mongodb +1 · Mongodb +1
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1 Description: The issue concerns a lack of password authentication in MongoDB connections, allowing a remote attacker to gain unauthorized access to the database. This could potentially lea...
br.gov.frameworkdemoiselle:demoiselle (>=3.0.0-ALPHA1 <=3.0.0-ALPHA2), ch.sbb.releasetrain:business (>=0.0.3 <=0.0.16) +396 more potentially affected by CVE-2024-29131 via org.apache.commons:commons-configuration2 (>=2.0 <=2.10.0)
org.apache.commons:commons-configuration2 MAVEN version =2.0, =3.0.0-ALPHA1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.1, =2.1.0, =3.0.0, =2.0.0, =3.0.0, =2.0.0, =2.0.0, =4.0.0, =2.3, =2.9 and more Source cves: CVE-2024-29131 Source advisory: OSV:GHSA-XJP4-HW94-MVP5...
SUSE CVE-2016-4081
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...
PT-2019-7464 · Sandhills Development · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD core component versions 1.8.x through 1.8.6 Easy Digital Downloads EDD core component versions 1.9.x through 1.9.9 Easy Digital Downloads EDD core component versions 2.0.x through 2.0.4 Easy Digital Downloads EDD co...
security flaw
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x aka StarOffice up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...