28 matches found
Async Http Client Security Vulnerability
Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...
OPENSUSE-SU-2026:10213-1 libxml2-16-2.14.5-4.1 on GA media
These are all security issues fixed in the libxml2-16-2.14.5-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10167-1 libxml2-16-2.14.5-3.1 on GA media
These are all security issues fixed in the libxml2-16-2.14.5-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10085-1 libxml2-16-2.14.5-2.1 on GA media
These are all security issues fixed in the libxml2-16-2.14.5-2.1 package on the GA media of openSUSE Tumbleweed...
Security update for icinga2 (important)
openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2025:0457-1 Rating: important References: 1084909 1233310 Cross-References: CVE-2024-49369 CVSS scores: CVE-2024-49369 SUSE: 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Affected Products:...
EUVD-2025-24001
Malicious code in bioql PyPI...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow. An attacker can access sensitive information by triggering a specially crafted input that causes the process to read beyond the intended memory boundaries. Remediation Upgrade libxml2 to version 2.14.5 or higher...
CVE-2024-8860
The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction, tforderstatuseditfunction, tforderbulkactioneditfunction,...
PT-2025-34747 · WordPress · Tourfic
Name of the Vulnerable Software and Affected Versions: Tourfic plugin for WordPress versions up to and including 2.14.5 Description: The Tourfic plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the following functions: tf order status emai...
WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions <= 2.14.5...
CVE-2025-8732
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...
libxml2 Security Vulnerability
libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.14.5 and earlier, which stems from an uncontrolled recursion problem...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to unsafe use of strcpy in the xmllint interactive shell command tool. An attacker can cause a crash by providing an overly long argument to any shell command during an interactive session. Note: This...
WordPress Import WP plugin <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Import WP versions <= 2.14.5...
CVE-2024-13562
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...
PT-2025-2219 · WordPress · Import Wp
Name of the Vulnerable Software and Affected Versions: Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress versions up to, and including, 2.14.5 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the...
WordPress plugin Import WP – Export and Import CSV and XML files to WordPress Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Import WP -...
GHSA-GP69-XCM6-FFQJ Web2py Cross-Site Request Forgery vulnerability
Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in administrator into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by visiting a URL...
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.14.5, fixing several security issues and other bugs...