243 matches found
CVE-2026-1304
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
MiracleLinux 8 : e2fsprogs-1.45.6-5.el8 (AXSA:2022-4202:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4202:02 advisory. e2fsprogs: out-of-bounds read/write via crafted filesystem CVE-2022-1304 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : e2fsprogs-1.46.5-3.el9 (AXSA:2023-4587:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4587:01 advisory. e2fsprogs: out-of-bounds read/write via crafted filesystem CVE-2022-1304 Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2026-1304
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...
CVE-2025-1304
The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...
Linux Distros Unpatched Vulnerability : CVE-2018-1304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The URL pattern of the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27,...
NewStart CGSL MAIN 7.02 : e2fsprogs Vulnerability (NS-SA-2025-0172)
The remote NewStart CGSL host, running version MAIN 7.02, has e2fsprogs packages installed that are affected by a vulnerability: - An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a speciall...
Exploit for Missing Authorization in Spicethemes Newsblogger
🚨 WordPress NewsBlogger Theme <= 0.2.5.1 - Arbitrary File Uplo...
WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload
Software: NewsBlogger | Type: Theme | Vulnerable versions: <= 0.2.5.1 | Fixed in: 0.2.5.2 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2025-1304 | Patch priority: High | CVSS severity: High (8.8) | Developer: Claim ownership | PSID: 233ab859c905 | Credits: CVEhunter | Required privilege: Subscriber...
e2fsprogs security update
1.45.4-3.0.7.el7 - libext2fs: add sanity check to extent manipulation Srivathsa Dara Orabug: 37095032 CVE-2022-1304...
Oracle Linux 7 : e2fsprogs (ELSA-2024-12730)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12730 advisory. - libext2fs: add sanity check to extent manipulation Srivathsa Dara Orabug: 37095032 CVE-2022-1304 - Fix potential buffer overflow in closefs 1193947,...
Oracle Linux 7 : e2fsprogs (ELSA-2024-12731)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12731 advisory. 1.45.4-3.0.7.el7 - libext2fs: add sanity check to extent manipulation Srivathsa Dara Orabug: 37095032 CVE-2022-1304 Tenable has extracted the preceding...
[SECURITY] [DLA 3910-1] e2fsprogs security update
Debian LTS Advisory DLA-3910-1 https://www.debian.org/lts/security/ Adrian Bunk October 04, 2024 https://wiki.debian.org/LTS -...
Oracle Linux 7 : e2fsprogs (ELSA-2024-12704)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12704 advisory. 1.45.4-3.0.7 - libext2fs: add sanity check to extent manipulation Srivathsa Dara Orabug: 37095032 CVE-2022-1304 Tenable has extracted the preceding description...
e2fsprogs security update
1.45.4-3.0.7 - libext2fs: add sanity check to extent manipulation Srivathsa Dara Orabug: 37095032 CVE-2022-1304...
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2024-2265)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Advisory ROSA-SA-2024-2453
Software: e2fsprogs 1.46.6 WASP: ROSA-CHROME packageevrstring: e2fsprogs-1.46.6-1 CVE-ID: CVE-2022-1304 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A read/write vulnerability outside the allocated area has been detected in e2fsprogs. This issue leads to a segmentation error and possible execution of...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...