CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

CVE-2013-2109

WordPress plugin wp-cleanfix has Remote Code Execution...

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2016-2109)

The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding. This plugin only works with Tenable.ot. Please visit...

Linux Distros Unpatched Vulnerability : CVE-2016-2109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...

RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Integer overflow in the EVPEncodeUpdate...

WordPress Booster Extension Plugin <= 1.2.0 is vulnerable to Sensitive Data Exposure

Software Booster Extension Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2109 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c3706e2b31e0 Credits Krzysztof Zając Required...

SUSE: Security Advisory (SUSE-SU-2023:2109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Cross-site Scripting XSS - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0...

CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Cross-site Scripting XSS - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0...

CVE-2023-2109

CVE-2023-2109 describes a DOM-based XSS in the chatwoot/chatwoot project prior to version 2.14.0. Multiple connected sources corroborate the issue as a cross-site scripting vulnerability in the Chatwoot dashboard/chat UI, arising from unsanitized user-supplied data being inserted into the DOM (fo...

K07538415: Multiple OpenSSL vulnerabilities

Security Advisory Description On May 3, 2016, OpenSSL announced the discovery of the following vulnerabilities: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 For the complete announcement from OpenSSL, refer to OpenSSL Security Advisory 3rd May 2016. Note :...

SUSE CVE-2008-2109

field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service CPU consumption via an ID3FIELDTYPESTRINGLIST field that ends in '\0', which triggers an infinite loop...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM InfoSphere Master Data Management Server (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176)

Summary IBM WebSphere Application Server is shipped as a component of IBM InfoSphere Master Data Management Server . Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bullet...

Slackware: Security Advisory (SSA:2016-124-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cisco SAN switches and directors. IBM Cisco SAN switches and directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108DESCRIPTION: OpenSSL could allow a remot...