Astra Linux - уязвимость в openldap

In OpenLDAP 2.x versions before 2.5.12 and 2.6.x versions before 2.6.2, there is a SQL injection vulnerability in the experimental slapd backend, caused by a SQL statement within an LDAP query. This vulnerability can occur during an LDAP search operation, when the search filter is processed, due ...

JLSEC-2026-174

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

Rancher doesn't properly sanitize credentials in cluster template answers

Impact It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords and API tokens. The exposed credentials are...

CVE-2025-67982

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

CVE-2025-67982

CVE-2025-67982 : WordPress Theme Urna, versions

WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions = 2.5.12...

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover vulnerability

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated Subscriber+ Authentication Bypass via Account Takeover vulnerability discovered by kr0d in WordPress Plugin Search Atlas SEO versions 2.4.4-2.5.12...

PT-2025-49904

Name of the Vulnerable Software and Affected Versions thembay Urna versions through 2.5.12 Description An issue exists in thembay Urna that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This is a PHP Remote File Inclusion type of issue...

CVE-2025-62606

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

CVE-2025-62606

CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...

EUVD-2007-5132

Malware in sbrugna...

EUVD-2002-1291

Malware in sbrugna...

EUVD-2022-2182

Malicious code in bioql PyPI...

EUVD-2022-6532

Malicious code in bioql PyPI...

EUVD-2025-19961

Malicious code in bioql PyPI...

com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +70 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=2.5.10 <=2.5.12)

co.fs2:fs2-io3 MAVEN version =2.5.10, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669993...

CVE-2025-53568

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through = 2.5.12...