Important: Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.16.4 provides these changes:...

EUVD-2026-8816

Koa has Host Header Injection via ctx.hostname...

koa 输入验证错误漏洞

Koa.js is an open-source project developed by Koa.js, which uses Node.js as an expressive middleware. Versions of Koa prior to 3.1.2 and 2.16.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper parsing of the HTTP Host header, which could lead ...

EUVD-2025-27647

Malicious code in bioql PyPI...

WordPress Elements Plus! plugin <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Elements Plus! versions = 2.16.4...

CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-17666 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.16.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Staff widget due to insufficient input sanitization and...

PT-2024-39689 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Phlox theme plugin for WordPress versions up to, and including, 2.16.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's aux contact box and aux gmaps shortcodes due to insufficient input sanitization and outpu...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.3 Fixed in 2.16.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8486 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b44af62239ce...

[SECURITY] Fedora 31 Update: mbedtls-2.16.4-1.fc31

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible. FOSS License Exception:...

Git for Windows 2.13.x < 2.13.7 / 2.14.x < 2.14.4 / 2.15.x < 2.15.2 / 2.16.x < 2.16.4 / 2.17.x < 2.17.1 Remote Code Execution

The version of Git for Windows installed on the remote host is 2.13.x prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2, 2.16.x prior to 2.16.4 or 2.17.x prior to 2.17.1. It is, therefore, affected by a remote code execution vulnerability. C Tenable Network Security, Inc...

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

CVE-2010-3382

tauex in Tuning and Analysis Utilities TAU 2.16.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2008-5157

tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a 1 /tmp/makefile.tau.. or 2 /tmp/makefile.tau. temporary file, related to the a taucxx, b tauf90, and c taucc scripts...

CVE-2008-5157

The CVE-2008-5157 entry concerns tau 2.16.4. It describes a local-privilige escalation where local users can overwrite arbitrary files via a symlink attack targeting temporary files: /tmp/makefile.tau..##### or /tmp/makefile.tau .#####, associated with the tau_cxx, tau_f90, and tau_cc scripts. Th...

CVE-2008-5157

tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a 1 /tmp/makefile.tau.. or 2 /tmp/makefile.tau. temporary file, related to the a taucxx, b tauf90, and c taucc scripts...

GNOME显示管理器G_Strsplit函数本地拒绝服务漏洞

BUGTRAQ ID: 25191 CVE ID:CVE-2007-3381 CNCVE ID:CNCVE-20073381 GNOME Display Manager是Gnome的显示管理器。 GNOME Display Manager GStrsplit函数不正确处理GDM套接字命令，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建特殊的GDM报文命令会引起GDM停止管理显示，导致拒绝服务。目前没有详细漏洞细节提供。 GNOME GDM 2.19.4 GNOME GDM 2.19.3 GNOME GDM 2.19.2 GNOME GDM 2.19.1 GNOME GDM...

Fedora Core 6 : gdm-2.16.4-1.fc6 (2006-1468)

This update brings gdm to the latest stable upstream version, which among other bug fixes and improvements contains a fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like '%08x' into the gdmchooser 'Add'j host button and...