37 matches found
WordPress CIBELES AI plugin <= 1.10.8 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin CIBELES AI versions <= 1.10.8...
CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
EUVD-2000-0676
Malware in sbrugna...
EUVD-2021-0549
Malware in sbrugna...
CVE-2025-48950 MaxKB Python Sandbox Bypass in Function Library
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori...
phpwcms code issue vulnerability
phpwcms is an open source web content management system from slackero open source. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A code issue vulnerability exists in phpwcms 1.9.45 and 1.10.8 and earlier versions, which stems from an incorrec...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Red Hat Integration Camel K 1.10.8 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
PT-2024-19395 · Xadmaster · Xadmaster
Name of the Vulnerable Software and Affected Versions: XADMaster versions prior to 1.10.8. Description: XADMaster is an Objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive, XADMaster may not apply the quarantine attribute correctly,...
OESA-2024-1426 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
VulnCheck KEV: CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
FileMage path traversal vulnerability
FileMage is a software solution for file transfer and data management. A security vulnerability exists in FileMage Gateway v.1.10.8 and earlier versions, which stems from a directory traversal vulnerability that allows remote attackers to obtain sensitive information via a crafted request...
DEBIAN-CVE-2023-28100
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...
Flatpak security vulnerability
Flatpak is an application virtualization system for Linux desktop application computer environments. A security vulnerability exists in Flatpak versions prior to 1.10.8, 1.12.x through 1.12.8, 1.14.x through 1.14.4, and 1.15.x through 1.15.4. An attacker could exploit the vulnerability to elevate...
Infinite loop
Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: via the crypto/elliptic process. An attacker can cause excessive CPU consumption or potentially recover private keys by...
PT-2022-16801 · Hashicorp +2 · Ingress Gateway +4
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.8.0 through 1.9.14 HashiCorp Consul and Consul Enterprise version 1.10.7 HashiCorp Consul and Consul Enterprise version 1.11.2 Description: The issue allows a user with service:write permissio...
Mageia: Security Advisory (MGASA-2020-0237)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ai.h2o:h2o-orc-parser (>=3.10.0.5 <=3.10.3.6), at.austriapro:ebinterface-rendering (=1.0.1) +4976 more potentially affected by CVE-2020-11979 via org.apache.ant:ant (>=1.10.0 <=1.10.8)
org.apache.ant:ant MAVEN version =1.10.0, =3.10.0.5, =55.v51410e712e0c, =2.1.1, =2.0.2, =1.0.1, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.1, =1.0.0, =1.0.6 and more Source cves: CVE-2020-11979 Source advisory: OSV:GHSA-F62V-XPXF-3V68...
GHSA-4MV4-GMMF-Q382 DataTable Vulnerable to Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation: Update to a version greater than 1.10.8. A fix appears in...
Updated ant packages fix security vulnerability
Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...
docker-engine security update
18.03.1.ol-0.0.15 - cherry-picked fix for CVE-2018-15664 from upstream 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 18.03.1.ol-0.0.12 - correct the version string of containerd 18.03.1.ol-0.0.11 - update runc for CVE-2019-5736 18.03.1.ol-0.0.10 - update Go to version...