MINI-2439-FG3W-6RGR
Bulletin has no description...
MINI-2439-R378-CWHP
Bulletin has no description...
CVE-2026-2439
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2021-2439:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2439:01 advisory. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-29923 Tenable has extracted the preceding...
MiracleLinux 4 : thunderbird-52.5.0-1.AXS4 (AXSA:2017-2439:07)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2439:07 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or,...
CVE-2024-2439
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
EUVD-2025-2439
Malicious code in bioql PyPI...
CVE-2023-2439
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2025-14610 · Undefined · Undefined
Four CVEs assigned: CVE-2025-2446 path traversal, CVE-2025-2439 GGUF parser read, CVE-2025-2445 Python-engine injection, CVE-2025-2447 missing CSRF...
PT-2025-14612 · Undefined · Undefined
Four CVEs assigned: CVE-2025-2446 path traversal, CVE-2025-2439 GGUF parser read, CVE-2025-2445 Python-engine injection, CVE-2025-2447 missing CSRF...
Linux Distros Unpatched Vulnerability : CVE-2002-2439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the new operator in gcc before 4.8.0 allows attackers to have unspecified impacts. CVE-2002-2439 Note that Nessus relies on the presence of...
CVE-2022-2439
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'uploadfile' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...
WordPress Easy Digital Downloads Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-2439; Patch priority: Low; CVSS severity: Low 6.6; PSID: 526dc70018f3; Credits: Rasoul Jahanshahi; Required privilege...
RHEL 5 : gcc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gcc: integer overflow flaws in libgfortran CVE-2014-5044 - Integer overflow in the new operator in gcc...
RHEL 6 : gcc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gcc: integer overflow flaws in libgfortran CVE-2014-5044 - Integer overflow in the new operator in gcc...
CVE-2024-2439 Salon booking system <= 9.6.5 - Editor+ Stored XSS
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-2439
CVE-2024-2439 affects the Salon booking system WordPress plugin up to version 9.6.5. The vulnerability is a Stored XSS arising from insufficient sanitization/escaping of plugin settings, enabling high-privilege users (e.g., Editor) to inject script even if unfiltered_html is disabled (e.g., multi...
WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 9.6.5; Fixed in: 9.6.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2439; Patch priority: Low; CVSS severity: Low 6.5; PSID: 667860bc9aac; Credits: cyc707; Required...