SUSE: Security Advisory (SUSE-SU-2026:20995-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for dnsdist (low)

openSUSE security update: security update for dnsdist ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20461-1 Rating: low References: bsc1250054 bsc1253852 Cross-References: CVE-2025-30187 CVE-2025-8671 CVSS scores: CVE-2025-30187 SUSE : 3.7...

SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:0888-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0888-1 advisory. Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. -...

Security update for dnsdist

This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054. Patch Instructions: To install this SUSE update use the SUSE recommend...

CVE-2024-30461

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11...

CVE-2024-30461 WordPress Tumult Hype Animations plugin <= 1.9.11 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11...

WordPress plugin Tumult Hype Animations 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

PT-2026-1295

Name of the Vulnerable Software and Affected Versions Tumult Hype Animations versions through 1.9.11 Description A flaw exists in Tumult Hype Animations that allows for DOM-Based Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability

WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin = 1.9.11 - Authenticated Subscriber+ Missing Authorization to Calendar Import and Management vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPre...

CVE-2025-67597

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

CVE-2025-67597

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

EUVD-2025-202056

Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through = 1.9.11...

CVE-2025-67597

CVE-2025-67597 concerns the WordPress Fluent Booking plugin (fluent-booking) with versions up to 1.9.11. The issue is a Missing Authorization vulnerability caused by insufficient access-control checks, enabling unauthorized access to Fluent Booking features. The CVSS v3.1 base score is 4.3 (Mediu...

PT-2025-49971

Name of the Vulnerable Software and Affected Versions Shahjahan Jewel Fluent Booking versions through 1.9.11 Description An incorrect access control configuration allows unauthorized access to the Fluent Booking plugin. The issue is due to missing authorization checks, potentially allowing...

WordPress plugin Fluent Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-13756

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

CVE-2025-13756

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

CVE-2025-13756 Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

CVE-2025-13756

CVE-2025-13756 affects Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution for WordPress up to version 1.9.11. The issue is an unauthorized calendar import/management capability due to a missing capability check in importCalendar, enabling authenticated...

PT-2025-48811

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...