76 matches found
MiracleLinux 8 : pki-deps:10.6 (AXSA:2021-2278:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2278:01 advisory. resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class CVE-2020-1695 Tenable has extracted the preceding description block...
MINI-2278-QCFX-7RC4
Bulletin has no description...
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...
CVE-2022-2278
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2020-2278
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...
CVE-2019-2278
User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660...
CVE-2025-2278
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...
CVE-2025-2278
creationtimestamp | type | source
---|---|---
2025-03-13 15:36:59+00:00 | seen | https://t.me/cvedetector/20207...
CVE-2025-2278
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...
CVE-2025-2278
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...
CVE-2025-2278
CVE-2025-2278 affects Devolutions Server versions prior to or equal to 2024.3.13. The issue is improper access control in the temporary access requests and checkout requests endpoints, enabling an authenticated user to view information about these requests via a known request ID. The provided met...
CVE-2024-2278
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2023-2278)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.382.b05-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2278 advisory. An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK HotSpot VM 11, 17 and OpenJDK...
WordPress WP Directory Kit Plugin < 1.2.0 is vulnerable to Local File Inclusion
Software: WP Directory Kit; Type: Plugin; Vulnerable versions: 1.2.0; Fixed in: 1.2.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-2278; Patch priority: High; CVSS severity: High 7.5; PSID: 5c152fb4dc7b; Credits: Lana Codes; Required privilege...
CVE-2023-2278
CVE-2023-2278: The WordPress plugin WP Directory Kit is vulnerable to a Local File Inclusion (LFI) via the function wdk_public_action in versions up to and including 1.1.9. This unauthenticated flaw allows attackers to include and execute arbitrary PHP files on the server, potentially bypassing a...
Schneider Electric Struxureware Building Operations Improper Access Control (CVE-2016-2278)
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. This plugin only works with Tenable.ot. Please...
CVE-2022-2278
creationtimestamp | type | source
---|---|---
2022-08-01 16:17:06+00:00 | seen | https://t.me/cibsecurity/47325...
CVE-2022-2278 Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2022-2278
CVE-2022-2278 affects the WordPress plugin Featured Image from URL (FIFU) prior to version 4.0.1. The issue arises because the plugin does not validate, sanitize, and escape certain settings, enabling stored Cross‑Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disal...