13 matches found
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...
CVE-2019-11871
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins...
WordPress plugin Sky Addons for Elementor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Sky Addons for Elementor plugin <= 2.5.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Sky Addons for Elementor versions <= 2.5.15...
SmartRG Router SR510n 2.6.13 Remote Code Execution
Exploit Title: SmartRG Router SR510n 2.6.13 - RCE Remote Code Execution Date: 13/06/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import...
PT-2022-24037 · Smartrg · Smartrg Sr506N +1
Name of the Vulnerable Software and Affected Versions: SmartRG SR506n version 2.5.15; SmartRG SR510n version 2.6.13. Description: The issue allows for Remote Code Execution (RCE) via the ping host feature. Recommendations: For SmartRG SR506n version 2.5.15, consider disabling the ping host feature...
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.15-alt0.M80P.1
2.5.15-alt0.M80P.1 built Jan. 10, 2020 Sergey Y. Afonin in task 243774 Jan. 2, 2020 Sergey Y. Afonin - 2.5.15 fixes: CVE-2019-19783...
WordPress Custom Field Suite Plugin < 2.5.15 XSS Vulnerability
The WordPress plugin Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
Design/Logic Flaw
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins...
GHSA-74VQ-H4Q8-X6JV Ansible Path Traversal vulnerability
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PYSEC-2019-5
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
be.venneborg:play26-refined_2.11 (>=0.2.0 <=0.3.0), be.venneborg:play27-refined_2.11 (=0.3.0) +573 more potentially affected by CVE-2018-16115 via com.typesafe.akka:akka-actor_2.11 (>=2.5.0 <=2.5.15)
com.typesafe.akka:akka-actor2.11 MAVEN version =2.5.0, =0.2.0, =0.1.1, =1.4-P26-B3, =1.4-P26-B4 - com.andrewgapic:spark-streaming-twitch =1.0.0 and more Source cves: CVE-2018-16115 Source advisory: OSV:GHSA-MR95-9RR4-668F...