Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.7.10

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.7.10 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.7.10 release that simplify the process of...

CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2

CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2. A patched version of the package is available...

WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Event Tickets with Ticket Scanner versions = 2.8.5...

Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...

CVE-2025-12885

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...

CVE-2025-12885

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...

EUVD-2006-3302

Malware in sbrugna...

EUVD-2024-40043

Malicious code in bioql PyPI...

WordPress plugin Simple Backup 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2024-43116

Cross-Site Request Forgery CSRF vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10...

CVE-2023-25575

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2020-25912

A XML External Entity XXE vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service DOS...

InfluxData InfluxDB 安全漏洞

InfluxData InfluxDB is a Go-based development of temporal databases from InfluxData, USA. A security vulnerability exists in InfluxData InfluxDB version 2.7.10 and earlier, which stems from a vulnerability that allows an allAccess administrator to retrieve all raw tokens via the influx auth ls...

Rancher 日志信息泄露漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A log information disclosure vulnerability exists in Rancher versions prior to 2.6.14, prior to 2.7.10, and prior to...

PT-2024-30303 · WordPress · Simple Local Avatars

Name of the Vulnerable Software and Affected Versions: Simple Local Avatars versions 2.7.10 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Simple Local Avatars plugin. This allows an attacker to perform unintended actions on a user's account. The estimated number of...

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

PT-2024-29464 · Unknown · Symphony Cms

Name of the Vulnerable Software and Affected Versions: symphonycms versions 2.7.10 and below Description: The issue is related to Cross Site Scripting XSS in the Comment component for articles. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized...

Symphony CMS 安全漏洞

Symphony CMS is a content management system from Symphony CMS open source. A security vulnerability exists in Symphony CMS version 2.7.10 and earlier, which stems from a cross-site scripting XSS vulnerability in the component Comment...

WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Simple Local Avatars versions = 2.7.10...