Lucene search
+L

48 matches found

attackerkb
attackerkb
added 2026/05/28 3:27 a.m.13 views

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References7
patchstack
patchstack
added 2026/05/27 2:55 p.m.14 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2026/05/12 9:6 p.m.17 views

Important: Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

10CVSS6.8AI score0.00808EPSS
Exploits6References10
amazon
amazon
added 2026/04/30 12:0 a.m.13 views

Important: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside...

7.8CVSS6.6AI score0.00502EPSS
Exploits4
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.14 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References2
susecve
susecve
added 2026/04/07 11:25 p.m.8 views

SUSE CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References9
nessus
nessus
added 2026/04/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer...

5.3CVSS5.8AI score0.00379EPSS
Exploits1References4
euvd
euvd
added 2026/04/04 12:31 p.m.9 views

EUVD-2026-18999

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...

8.8CVSS6AI score0.00446EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/04 11:16 a.m.2 views

CVE-2026-3666 wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...

8.8CVSS6AI score0.00446EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/04 12:0 a.m.11 views

PT-2026-30347

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions up to and including 2.4.16 Description The wpForo Forum plugin for WordPress is susceptible to arbitrary file deletion due to a missing file name/path validation against path traversal sequences...

8.8CVSS6AI score0.00446EPSS
Exploits0References9
osv
osv
added 2026/04/03 10:16 p.m.2 views

DEBIAN-CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS5.6AI score0.00379EPSS
Exploits1References1
osv
osv
added 2026/04/03 10:16 p.m.4 views

ALPINE-CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.3AI score0.00317EPSS
Exploits1References1
euvd
euvd
added 2026/04/03 9:16 p.m.8 views

EUVD-2026-18885

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/03 9:16 p.m.38 views

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS0.00379EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/04/03 9:16 p.m.3 views

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References1
osv
osv
added 2026/04/03 9:16 p.m.1 views

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.3AI score0.00379EPSS
Exploits1References3
cvelist
cvelist
added 2026/04/03 9:15 p.m.36 views

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS0.00406EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/01 12:0 a.m.7 views

PT-2026-30237

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 2.4.16 Description A heap-based buffer overflow occurs in the CUPS scheduler when building filter option strings from job attributes. This issue is located in the get options function and may allow a remote attacker to...

7.8CVSS6.3AI score0.00502EPSS
Exploits7References60
snyk
snyk
added 2026/03/03 2:52 p.m.3 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the cloud providers API. An attacker can gain unauthorized access to cloud provider APIs and perform actions with attached cloud credentials by sending crafted requests through the proxy API...

9.9CVSS5.8AI score0.00832EPSS
Exploits0References2
nessus
nessus
added 2026/02/06 12:0 a.m.4 views

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20172-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20172-1 advisory. Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. ...

8CVSS7.5AI score0.01063EPSS
Exploits4References13
Rows per page
Query Builder