EUVD-2025-26291
Malicious code in bioql PyPI...
CVE-2025-9725
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
CVE-2025-9725
CVE-2025-9725 – Cudy LT500E Web shadow hard-coded password. The vulnerability affects LT500E devices up to firmware 2.3.12, in the Web Interface’s /squashfs-root/etc/shadow function, allowing use of a hard-coded password. Exploitation is local, with high attack complexity and reported exploitabi...
CVE-2025-9725 Cudy LT500E Web shadow hard-coded password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
PT-2025-35404
Name of the Vulnerable Software and Affected Versions: Cudy LT500E versions prior to 2.3.13. Description: A vulnerability exists in Cudy LT500E up to version 2.3.12. The issue resides in an unknown function within the /squashfs-root/etc/shadow file of the Web Interface component, leading to the use ...
CVE-2023-23720
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions...
WordPress Responsive Gallery Grid Plugin <= 2.3.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Responsive Gallery Grid; Type: Plugin; Vulnerable versions: <= 2.3.13; Fixed in: 2.3.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-41659; Patch priority: Low; CVSS severity: Low (5.4); PSID: f625c8937bf3; Credits: Rio...
WordPress plugin Verified Reviews (Avis Vérifiés) cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2021-7493 · Haproxy +2
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.2 before 2.2.16; HAProxy versions 2.3 before 2.3.13; HAProxy versions 2.4 before 2.4.3. Description: The issue is related to a mismatch between Host and authority being mishandled, which can lead to an attacker-controlled HTTP...
Security fix for the ALT Linux 9 package dovecot version 2.3.13-alt1
2.3.13-alt1 built Jan. 18, 2021 Andrey Cherepanov in task 264566 Jan. 12, 2021 Andrey Cherepanov - Updated to 2.3.13 fixes CVE-2020-24386, CVE-2020-25275...
Updated dovecot packages fix security vulnerabilities
It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email (CVE-2020-24386). Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could...
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. Mitigation: A potential mitigation is configuring the mail transfer agent to not accept messages with more than...
CVE-2020-24386
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages and path disclosure...
[ASA-202101-4] dovecot: multiple issues
Arch Linux Security Advisory ASA-202101-4
=========================================
Severity: High
Date    : 2021-01-04
CVE-ID  : CVE-2020-24386 CVE-2020-25275
Package : dovecot
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1398

Summary
=======
The package dovecot befo...
Dovecot input validation error vulnerability
Dovecot is an open source IMAP and POP3 mail server for Linux/Unix. A denial of service vulnerability exists in Dovecot versions prior to 2.3.13. The vulnerability stems from improper input validation issues with lda, lmtp, and imap. An attacker could exploit the vulnerability via a specially...
Stack overflow
Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request...
java-1.7.0-openjdk security update
1.7.0.45-2.4.3.2.0.1.el6
- Update DISTRONAME in specfile
1.7.0.40-2.4.3.1.el6
- sync with rhel 6.5 to icedtea 2.4 because of permanent tck failures
- nss kept disabled
- Resolves: rhbz1017626
1.7.0.25-2.3.13.4.el6
- added back patch408 tck201310155.patch, to resolve one of tck failures
- Resolves...