34 matches found
WordPress Orbit Fox plugin < 3.0.2 - Author+ Server-Side Request Forgery vulnerability
Author+ Server-Side Request Forgery vulnerability discovered by Ryan Roth in WordPress Plugin Orbit Fox by ThemeIsle versions 3.0.2...
CVE-2025-10874
creationtimestamp | type | source
---|---|---
2025-10-24 06:44:30+00:00 | seen | Telegram/X6AwLnUJWhkqlm1fxUe4VN-VXPaeAA21xqmf3I0uSPfDg9Q...
CVE-2024-10874 Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Quotes llama Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Quotes llama; Type: Plugin; Vulnerable versions: = 3.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10874; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 7f9b6d2f50cd; Credits: Peter Thaleikis; Required...
SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1509-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1509-1 advisory. - A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote...
RHEL 7 : ansible (RHSA-2018:2585)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2585 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...
CVE-2019-10874
creationtimestamp | type | source
---|---|---
2024-04-24 20:41:19+00:00 | seen | https://t.me/arpsyndicate/4814...
SUSE-SU-2024:1427-1 Security Beta update for SUSE Manager Client Tools and Salt
This update fixes the following issues: POSImage-Graphical7: - Update to version 0.1.1710765237.46af599 Move image services to dracut-saltboot package Use salt bundle - Update to version 0.1.1645440615.7f1328c Remove deprecated kiwi functions POSImage-JeOS7: - Update to version...
SUSE CVE-2018-10874
In Ansible, it was found that inventory variables are loaded from the current working directory, which can be under an attacker's control, when running an ad-hoc command, allowing arbitrary code to run as a result...
Mageia: Security Advisory (MGASA-2018-0439)
The remote host is missing an update for the...
CVE-2020-10874
CVE-2020-10874 affects Motorola FX9500 (now Zebra FX9500) industrial RFID readers. A remote attacker can read database files because of an information-disclosure vulnerability. The connected documents provided confirm the product and impact (remote read of database files) but do not specify ...
CVE-2016-10874
Summary (CVE-2016-10874) : The WP-Database-Backup WordPress plugin is affected by a CSRF vulnerability in versions prior to 4.3.3. Multiple sources (Red Hat, CNVD, CVE lists, WPVulnDB, and PT Security) confirm the issue and indicate the vulnerability resides in the plugin’s handling of requests t...
Ubuntu: Security Advisory (USN-4072-1)
The remote host is missing an update for the...
CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-10874
Bolt CMS 3.6.6 is affected by a CSRF in the bolt/upload file upload feature. An attacker can upload a JavaScript file to trigger code execution by manipulating the file/edit/config/config.yml configuration, enabling arbitrary code execution on the server. The vulnerability is described across mul...
CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
Security Bulletin: A security vulnerability has been identified in Ansible shipped with Data Science Experience Local
Summary Ansible is shipped as a component of Data Science Experience Local. Information about a security vulnerability affecting Ansible has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-10874 DESCRIPTION: Ansible could allow a local authenticated attacker to execut...
Moderate: Red Hat Security Advisory: ansible security update
An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Fedora 28 : ansible (2018-1d2bc76093)
Update to ansible 2.6.1 bugfix release. Fixes also 2 CVEs: CVE-2018-10874 and CVE-2018-10875. See https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly fr...