13 matches found
PT-2026-38831
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
Critical: Red Hat Security Advisory: Kiali 2.11.9 for Red Hat OpenShift Service Mesh 3.1
Kiali 2.11.9 for Red Hat OpenShift Service Mesh 3.1 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.1. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Commo...
Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2026-106-01)
The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.15.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-106-01 advisory. New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes 2.11.9 security update
Red Hat Advanced Cluster Management for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.11 images Red Hat Advanced Cluster Management for Kubernetes provides...
Slackware Linux 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2025-050-01)
The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.13.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-050-01 advisory. New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...
CVE-2025-0511
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-6789 · WordPress · Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions up to, and including, 2.11.9. Description: The issue is related to Stored Cross-Site Scripting via the name parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin Welcart e-Commerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
AZL-54657 CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik
Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For an HTTP client, it should not be possible to remove or modif...
PT-2024-6568
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.9; Traefik versions prior to 3.1.3. Description: The issue arises from the manipulation of custom HTTP headers added by Traefik, such as X-Forwarded-Host or X-Forwarded-Port, which can be removed or modified by an...
WordPress Football Pool plugin <= 2.11.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin Football Pool (versions <= 2.11.9)...
WordPress Football Pool Plugin <= 2.11.9 is vulnerable to Cross Site Scripting (XSS)
Software: Football Pool; Type: Plugin; Vulnerable versions: <= 2.11.9; Fixed in: 2.11.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43139; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 67467a5d4e93; Credits: Manab Jyoti Dowarah; Required...