Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000157 advisory. An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL...

EUVD-2020-20120

Malware in sbrugna...

EUVD-2020-20115

Malware in sbrugna...

CVE-2024-43135

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28...

PT-2024-30324

Name of the Vulnerable Software and Affected Versions Themewinter WPCafe versions 2.2.28 and earlier Description The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File Inclusion. This...

WordPress plugin WPCafe 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

Django SQL Injection Vulnerability (CNVD-2022-31837)

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

CVE-2020-27608

In BigBlueButton before 2.2.28 or earlier, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document...

CVE-2020-27608

In BigBlueButton before 2.2.28 or earlier, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document...

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities in the openldap package up to version 2.2.28-r3 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

Design/Logic Flaw

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a 1 direct request, 2 step=1 request,...