237 matches found
CVE-2026-2110 Tasin1025 SwiftBuy login.php excessive authentication
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote...
MiracleLinux 4 : openssl-1.0.0-20.AXS4.4, openssl098e-0.9.8e-17.AXS4.2 (AXSA:2012-535:05)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-535:05 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...
Oracle Linux 8 : container-tools:rhel8 (ELSA-2025-21232)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21232 advisory. slirp4netns 1.2.3-1 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3 - Related: Jira:RHEL-2110 1.2.2-1 - update to...
container-tools:rhel8 security update
slirp4netns 1.2.3-1 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3 - Related: Jira:RHEL-2110 1.2.2-1 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2 - Related: Jira:RHEL-2110 1.2.1-1 - update to...
CVE-2023-2110
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...
CVE-2025-2110
creationtimestamp | type | source
---|---|---
2025-03-26 11:25:21+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8829
2025-03-26 13:00:50+00:00 | seen | Telegram/TV1T31eHrvyU-flISm4W9ELqZ4evKW9LK1i2AgsxeMw9Ac
2025-03-26 13:53:18+00:00 | seen | https://t.me/cvedetector/21169...
CVE-2025-2110 WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticate...
CVE-2025-2110
CVE-2025-2110 is a real vulnerability affecting the WordPress plugin WP Compress – Instant Performance & Speed Optimization, where missing capability checks on AJAX functions exist in versions up to 6.30.15. This allows authenticated users with Subscriber-level access and above to perform unautho...
Linux Distros Unpatched Vulnerability : CVE-2012-2110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer...
container-tools:ol8 bug fix and enhancement update
aardvark-dns 2:1.10.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 2:1.9.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 2:1.8.0-1 - update to...
CVE-2024-2110
The CVE-2024-2110 issue affects the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! The Red Hat and Wordfence references confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 6.4.7.1 due to missing/incorrect nonce validation on multiple actions. ...
CVE-2024-2110 Events Manager <= 6.4.7.1 - Cross-Site Request Forgery
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...
WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Events Manager; Type: Plugin; Vulnerable versions: <= 6.4.7.1; Fixed in: 6.4.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2110; Patch priority: Low; CVSS severity: Low (4.3); PSID: a9d596e2f02f; Credits: Tim Coen; Required...
Oracle Linux 7 : rsyslog (ELSA-2019-2110)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2110 advisory. 8.24.0-38.0.2 - Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler 8.24.0-38 RHEL 7.7 ERRATUM - added patch...
CVE-2023-2110
creationtimestamp | type | source
---|---|---
2023-08-19 12:38:58+00:00 | seen | https://t.me/cibsecurity/68856...
CVE-2023-2110
CVE-2023-2110 affects Obsidian Desktop prior to 1.2.8 across Windows, Linux and macOS. The issue is improper path handling that allows a crafted webpage to access local files and exfiltrate them to remote servers via app://local/. Exploitation requires user interaction: opening a malicious markdo...
K53313971: Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115
Security Advisory Description CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove...
SUSE CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
Mahara Security Vulnerability
Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara version 21.04 up to and including version 21.04.7, version 21.10 up to and including version 21.10.5, version 22.04 up to and including version 22.04.3, and version 22.10.0,...