135 matches found

RedHat Linux
added 2 days ago | 5 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

8.8 CVSS | 6.6 AI score | 0.0059 EPSS
Exploits: 0 | References: 17
RedhatCVE
added 2026/02/23 1:20 a.m. | 24 views

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1 CVSS | 4.3 AI score | 0.00392 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/21 11:15 p.m. | 8 views

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1 CVSS | 0.00392 EPSS
Exploits: 1 | References: 5
OSV
added 2026/02/21 11:15 p.m. | 4 views

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1 CVSS | 4.9 AI score
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/21 11:2 p.m. | 4 views

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3 CVSS | 4.7 AI score | 0.00392 EPSS
Exploits: 1 | References: 5
Cvelist
added 2026/02/21 11:2 p.m. | 29 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3 CVSS | 0.00392 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/09 10:12 a.m. | 9 views

CVE-2019-2895

Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager component: Exadata Plug-In Deploy and Ins. Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with...

7.5 CVSS | 6.6 AI score | 0.01215 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/06/30 2:39 p.m. | 4 views

CVE-2025-2895 IBM Cloud Pak System HTML injection

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting...

5.4 CVSS | 6.5 AI score | 0.00199 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/06/30 1:41 p.m. | 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System [CVE-2020-5256, CVE-2025-2895]

Summary Multiple Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System is affected to Prototype Pollution due to Dojo and HTML Injection in JavaScript. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: In affected versions of dojo NPM package, the deepCopy method is...

9 CVSS | 7.4 AI score | 0.04023 EPSS
Exploits: 1 | Affected Software: 1
OpenVAS
added 2024/08/14 12:0 a.m. | 35 views

SUSE: Security Advisory (SUSE-SU-2024:2895-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4 CVSS | 8.7 AI score | 0.00674 EPSS
Exploits: 1 | References: 17
Circl
added 2024/01/09 12:11 p.m. | 4 views

CVE-2019-2895

creationtimestamp | type | source
---|---|---
2024-01-09 12:11:24+00:00 | seen | https://t.me/ctinow/164966...

7.5 CVSS | 8 AI score | 0.01215 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2023/10/09 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2023-2895)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 6.9 AI score | 0.03208 EPSS
Exploits: 3 | References: 2
Circl
added 2023/06/09 12:27 p.m. | 2 views

CVE-2023-2895

creationtimestamp | type | source
---|---|---
2023-06-09 12:27:42+00:00 | seen | https://t.me/cibsecurity/65094...

4.3 CVSS | 6.2 AI score | 0.00241 EPSS
Exploits: 0 | References: 1
NVD
added 2023/06/09 7:15 a.m. | 22 views

CVE-2023-2895

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...

4.3 CVSS | 4.1 AI score | 0.00241 EPSS
Exploits: 0 | References: 2
CVE
added 2023/06/09 6:48 a.m. | 42 views

CVE-2023-2895

CVE-2023-2895 (WP EasyCart for WordPress) is a CSRF vulnerability affecting versions up to and including 5.4.8. Root cause: missing/incorrect nonce validation in the process_bulk_activate_product function allows unauthenticated attackers to bulk-activate products via forged requests, e.g., tricki...

4.3 CVSS | 4.4 AI score | 0.00241 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/05/29 12:0 a.m. | 12 views

WordPress WP EasyCart Plugin <= 5.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP EasyCart; Type: Plugin; Vulnerable versions: = 5.4.8; Fixed in: 5.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-2895; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: a60a1e37ef26; Credits: Alex Thomas; Required...

4.3 CVSS | 7 AI score | 0.00241 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:46 a.m. | 2 views

SUSE CVE-2012-2895

The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations...

6.8 CVSS | 7.4 AI score | 0.01134 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2023/01/23 12:0 a.m. | 39 views

RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:2895)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2895 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.3 CVSS | 7.8 AI score | 0.07646 EPSS
Exploits: 4 | References: 12
NVD
added 2022/08/31 9:15 p.m. | 22 views

CVE-2022-2895

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...

7.8 CVSS | 0.00294 EPSS
Exploits: 0 | References: 1
CVE
added 2022/08/31 8:54 p.m. | 51 views

CVE-2022-2895

CVE-2022-2895 affects Measuresoft ScadaPro Server (All Versions). The vulnerability stems from unmaintained ActiveX controls used by ScadaPro Server, enabling two stack-based buffer overflow instances while processing a specific project file. ZDI advisories describe remote code execution with use...

7.8 CVSS | 7.8 AI score | 0.00294 EPSS
Exploits: 0 | References: 1 | Affected Software: 1