58 matches found
CVE-2026-28050 WordPress Beacon theme <= 2.24 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion. This issue affects Beacon: from n/a through <= 2.24...
WordPress plugin Beacon security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2020-9308
Malware in sbrugna...
EUVD-2007-3899
Malware in sbrugna...
EUVD-2018-1355
Malware in sbrugna...
CVE-2025-58651 WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS. This issue affects PlayerJS: from n/a through <= 2.24...
CVE-2007-3915
Mondo 2.24 has insecure handling of temporary files...
CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45845
...
OPENSUSE-SU-2024:11022-1 links-2.24-1.2 on GA media
These are all security issues fixed in the links-2.24-1.2 package on the GA media of openSUSE Tumbleweed...
WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)
Software: AJAX Login and Registration modal popup + inline form; Type: Plugin; Vulnerable versions: <= 2.23; Fixed in: 2.24; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33918; Patch priority: Medium; CVSS severity: Medium (5.9); PSID: ea1aeec00d87...
BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
Oracle Linux 7 : glibc (ELSA-2016-3638)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3638 advisory. - CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r 1321993 - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow 1296031. Tenable has extracted the...
LilyPond security vulnerability
LilyPond is an open source music engraving program. A security vulnerability exists in versions prior to LilyPond 2.24, which originates from bypassing the protection mechanism via output-def-lookup or output-def-scope, and can be exploited by an attacker to cause arbitrary code execution...
SUSE CVE-2018-6551
The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually...
ARM mbed TLS buffer error vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. A security vulnerability exists in versions prior to Arm Mbed TLS 2.24.0, which stems from a buffer over-read in the program. No details of the vulnerability are...
PT-2021-14655 · Jenkins · Jenkins Tracetronic Ecu-Test Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TraceTronic ECU-TEST Plugin versions 2.23.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with access to the...
Microsoft Dynamics 365 (on-premises) Update 2.24
Microsoft Dynamics 365 on-premises Update 2.24 Introduction Service Update 2.24 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.24. More information Update package| Version number ---|--- Microsoft...
CVE-2020-14518
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker...
CVE-2020-5260
CVE-2020-5260 affects Git by newline-injection in the credential helper protocol, enabling a crafted URL to exfiltrate credentials from one host to another. Affected Git releases were patched in April 2020; fixes are in 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26....