
80 matches found

Nuclei
added yesterday · 6 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1 CVSS · 6 AI score · 0.17493 EPSS
Exploits 0 · References 3
OpenVAS
added 2025/12/03 12:0 a.m. · 3 views

OpenVPN DoS Vulnerability (Dec 2025) - Windows

OpenVPN is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openvpn:openvpn";...

5.6 CVSS · 7.9 AI score · 0.00011 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/11/17 12:0 a.m. · 2 views

PT-2025-47577

Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.16 Description: The memcmp function in OpenVPN has an issue related to the use of a cryptographic algorithm with flaws when processing HMAC requests. Successful exploitation could allow a remote attacker to gain...

8.2 CVSS · 6.7 AI score · 0.00052 EPSS
Exploits 0 · References 33
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2006-1864

Malware in sbrugna...

4.6 CVSS · 6 AI score · 0.00302 EPSS
Exploits 1 · References 48
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-20741

Malware in sbrugna...

5.5 CVSS · 5.5 AI score · 0.00193 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2010-4492

Malware in sbrugna...

4.3 CVSS · 6 AI score · 0.01156 EPSS
Exploits 1 · References 15
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-46198

Malicious code in bioql PyPI...

5.5 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 1 · References 1
OSV
added 2025/01/04 12:15 p.m. · 0 views

CVE-2024-12195

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'projectid' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 d...

6.5 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 0 · References 3
Patchstack
added 2025/01/04 1:26 a.m. · 1 views

WordPress WP Project Manager plugin <= 2.6.16 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Project Manager (versions <= 2.6.16)...

6.5 CVSS · 8.1 AI score · 0.00377 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/01/04 12:0 a.m. · 3 views

PT-2025-1774 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin versions up to and including 2.6.16 Description: The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the project id parameter of the "/wp-json/pm/v2/projects/2/task-lists" REST API endpoint...

6.5 CVSS · 9.8 AI score · 0.00377 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/12/19 12:0 a.m. · 2 views

PT-2024-16361 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions prior to 2.6.16 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including hashed passwords of project owners, via the...

6.5 CVSS · 9.3 AI score · 0.00809 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/07/22 12:0 a.m. · 2 views

PT-2024-27426 · WordPress · Wp-Lister Lite For Amazon

Name of the Vulnerable Software and Affected Versions: WP-Lister Lite for Amazon versions 2.6.16 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: Fo...

7.1 CVSS · 6.8 AI score · 0.17493 EPSS
Exploits 0 · References 5
Patchstack
added 2024/06/27 12:0 a.m. · 9 views

WordPress WP-Lister Lite for Amazon Plugin <= 2.6.16 is vulnerable to Cross Site Scripting (XSS)

Software: WP-Lister Lite for Amazon · Type: Plugin · Vulnerable versions: <= 2.6.16 · Fixed in: 2.6.17 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-37261 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: WP Lab · PSID: 6ad653dd30ed · Credits: Le Ngoc Anh · Required privileg...

7.1 CVSS · 6.9 AI score · 0.17493 EPSS
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2006-0038

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function...

6.9 CVSS · 7.1 AI score · 0.00091 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:15 a.m. · 2 views

SUSE CVE-2006-1523

The group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON...

10 CVSS · 7 AI score · 0.00611 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:15 a.m. · 1 views

SUSE CVE-2006-1864

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1863...

4.6 CVSS · 6.6 AI score · 0.00302 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:55 a.m. · 3 views

SUSE CVE-2010-4524

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

4.3 CVSS · 5.7 AI score · 0.01156 EPSS
Exploits 1 · References 4
Cvelist
added 2022/10/31 12:0 a.m. · 9 views

CVE-2022-43152

tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits at /tsMuxer/bitStream.h...

6 AI score · 0.00049 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-26778 · Tsmuxer · Tsmuxer

Name of the Vulnerable Software and Affected Versions: tsMuxer version 2.6.16 Description: A heap overflow issue was discovered in the function BitStreamWriter::flushBits located at /tsMuxer/bitStream.h. Recommendations: For tsMuxer version 2.6.16, consider disabling the BitStreamWriter::flushBit...

5.5 CVSS · 5.7 AI score · 0.00049 EPSS
Exploits 1 · References 2
Github Security Blog
added 2022/05/13 1:30 a.m. · 20 views

Play Framework's Assets controller vulnerable to directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

7.5 CVSS · 5.6 AI score · 0.0126 EPSS
Exploits 0 · References 4 · Affected Software 1