CVE-2026-27398

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

CVE-2026-27398 WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

CVE-2026-39536

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through = 2.7.16...

CVE-2026-39536

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through = 2.7.16...

PT-2025-51096

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get users function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including...

RHSA-2020:0217 Red Hat Security Advisory: Ansible security and bug fix update (2.7.16)

Bulletin has no description...

WordPress PowerPack Addons for Elementor Plugin <= 2.7.15 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Addons for Elementor Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1411 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 6ccdfffb7852 Credits wesle...

WordPress Plugin WPFunnels 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)

Software WPFunnels Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE N/A Patch priority Low CVSS severity Low 5.4 Developer WPFunnels Team PSID fefed9db57ed Credits Unknown Required privilege...

Mageia: Security Advisory (MGASA-2019-0148)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1149)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...

Fedora 30 : python2 / python2-docs (2019-0c91ce7b3c)

The remote Fedora 30 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2019-0c91ce7b3c advisory. Update legacy Python to 2.7.16. Most significant improvement is that is builds against OpenSSL 1.1.1. See upstream release announcement and changelo...

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

[slackware-security] python

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/python-2.7.16-i586-1slack14.2.txz: Upgraded. Updated to the latest 2.7.x release, which fixes a few security issues. For...

Moodle 2.7.x < 2.7.16 Authentication Bypass

Binary data 9831.prm...