Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-dd9cd16b18)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dd9cd16b18 advisory. nginx-mod-brotli: - Rebuild for 1.30.2 nginx-mod-fancyindex: - Rebuild for 1.30.2 nginx-mod-naxsi: - Rebuild for 1.30.2 nginx-mod-headers-more: - Rebuild for...

Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-017390)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017390 advisory. The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0...

CVE-2026-28226

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in versions prior to v1.30.2. The endpoint constructs a raw SQL query and concatenates the...

CVE-2026-28226

CVE-2026-28226 — Phishing Club : An authenticated SQL injection exists in the GetOrphaned recipient listing endpoint for versions before 1.30.2. The endpoint concatenates a user-controlled sortBy value directly into the SQL ORDER BY clause without allowlist validation, allowing injection of SQL e...

CVE-2026-28226 Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in versions prior to v1.30.2. The endpoint constructs a raw SQL query and concatenates the...

CVE-2026-28226 Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in versions prior to v1.30.2. The endpoint constructs a raw SQL query and concatenates the...

CVE-2026-28226 Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in versions prior to v1.30.2. The endpoint constructs a raw SQL query and concatenates the...

Phishing Club SQL注入漏洞

Phishing Club is an open-source platform for simulating and testing phishing attacks developed by Phishing Club. Versions of Phishing Club prior to 1.30.2 contained a SQL injection vulnerability. This vulnerability stemmed from the GetOrphaned recipient list endpoint, where the sortBy value...

Linux Distros Unpatched Vulnerability : CVE-2019-12471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on...

RHSA-2023:6298 Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update

Bulletin has no description...

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update

Red Hat OpenShift Serverless 1.30.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

Wikimedia information leak vulnerability

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

MediaWiki Cross-site Scripting (XSS)

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

PT-2021-22550 · WordPress · Mpl-Publisher

Name of the Vulnerable Software and Affected Versions: MPL-Publisher WordPress plugin versions up to and including 1.30.2 Description: The issue arises from insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file, allowing attackers wi...

MediaWiki >= 1.18.0, <= 1.32.1 Incorrect Access Control Vulnerability - Linux

MediaWiki is prone to incorrect access control SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-12469

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2019-12470

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

Design/Logic Flaw

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

UBUNTU-CVE-2019-12470

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...