CVE-2023-2541

creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:10+00:00| seen| https://www.knime.com/security/advisoriesCVE-2026-4649...

CVE-2024-2541

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...

CVE-2005-2541

creationtimestamp| type| source ---|---|--- 2025-11-02 00:30:31+00:00| seen| https://seclists.org/oss-sec/2025/q4/120...

SUSE CVE-2005-2541

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-0395...

WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin WP Project Manager versions = 2.6.22...

CVE-2025-2541

creationtimestamp| type| source ---|---|--- 2025-04-11 11:50:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11415 2025-04-11 15:37:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybxf432c 2025-04-11 16:27:16+00:00| seen| https://t.me/cvedetector/22749...

CVE-2025-2541 WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVE-2025-2541

CVE-2025-2541 : The WP Project Manager plugin for WordPress (affected:

CVE-2025-2541 WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

Linux Distros Unpatched Vulnerability : CVE-2010-2541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service application crash or...

Linux Distros Unpatched Vulnerability : CVE-2005-2541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tar does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. CVE-2005-2541 No...

CVE-2024-2541

creationtimestamp| type| source ---|---|--- 2024-08-29 16:13:07+00:00| seen| https://t.me/cvedetector/4396...

CVE-2024-2541

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...

WordPress Popup Builder Plugin <= 4.3.4 is vulnerable to Sensitive Data Exposure

Software Popup Builder Type Plugin Vulnerable versions = 4.3.4 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2541 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6c83b1e3c00b Credits Tim Coen Required privilege...

RHEL 9 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash CVE-2023-39804 Note that Nessus h...

RHEL 8 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tar: null-pointer dereference in paxdecodeheader in sparse.c CVE-2019-9923 - In GNU tar before 1.35,...

RHEL 6 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tar: Bypassing the extract path name CVE-2016-6321 - tar: null-pointer dereference in paxdecodeheader in...

RHEL 7 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tar: Bypassing the extract path name CVE-2016-6321 - tar: null-pointer dereference in paxdecodeheader in...

Amazon Linux 2 : python3 (ALAS-2024-2541)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2541 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18...