9 matches found
CVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
PT-2025-47663
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm settings empty trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...
CVE-2025-10110 ChanCMS search sql injection
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CubeFS Log Information Disclosure Vulnerability
CubeFS is a cloud-native file storage for CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...
WordPress theme Real Estate 跨站脚本漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Real Estate 7 version 3.3.1 an...
PT-2022-7154 · Apache · Apache Hadoop
Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4 Description: The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability ...
Evenroute IQrouter Operating System Command Injection Vulnerability
Evenroute IQrouter is a smart router from Evenroute USA. A remote code execution vulnerability exists in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. An attacker can exploit this vulnerability to gain root privileges...
PT-2020-12958 · Openwrt +1 · Openwrt +1
Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier Description: The issue allows remote attackers to control the device, enabling actions such as restarting the network, rebooting, upgrading, or resetting, due to incorrect access control. This issue is...