Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.