58 matches found
WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions <= 3.17...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
ROOT-OS-ALPINE-317-CVE-2023-50230 CVE-2023-50230 in rootio-bluez - Patched by Root
Root has patched CVE-2023-50230 in the rootio-bluez package for Root:Alpine:3.17. Multiple fixed versions available...
ROOT-OS-ALPINE-317-CVE-2023-49284 CVE-2023-49284 in rootio-fish - Patched by Root
Root has patched CVE-2023-49284 in the rootio-fish package for Root:Alpine:3.17. Multiple fixed versions available...
Linux RC4 Packer with In-Memory Execution (x86)
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfd_create for fileless execution. The evasion module works on systems with Linux Kernel 3.17+ due to memfd_create support. Features: - RC4 encryption with configurable key size - Fileless execution...
EUVD-2024-52476
Malicious code in bioql PyPI...
PT-2025-35364
Name of the Vulnerable Software and Affected Versions: Green Dam Youth Escort version 3.17 Description: Green Dam Youth Escort version 3.17 is susceptible to a stack-based buffer overflow when handling excessively long URLs. The issue is located within the URL filtering component, which does not...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2025-1149)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1149 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0...
OESA-2025-1972 apache-commons-lang security update
The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x. CWE is classifying the issue as...
OESA-2025-1929 apache-commons-lang3 security update
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. Lang provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server version...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
CVE-2024-54353
Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS. This issue affects Hack-Info: from n/a through <= 3.17...
CVE-2024-54353
CVE-2024-54353 is a CSRF-to-Stored XSS issue in the WordPress Hack-Info plugin (Hack-Info), affecting versions up to 3.17. The vulnerability’s description confirms Cross-Site Forgery to Stored Cross-Site Scripting. Red Hat and ENISA records corroborate the CVE entry; Wordfence notes the vulnerabi...
PT-2024-36239 · Unknown · Wpgear Hack-Info
Name of the Vulnerable Software and Affected Versions: WPGear Hack-Info versions n/a through 3.17 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...
PT-2024-9645 · Dell · Dell Power Manager
Name of the Vulnerable Software and Affected Versions: Dell Power Manager versions prior to 3.17 Description: The issue is related to an improper access control vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and...
SUSE-SU-2024:2298-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: openCryptoki was updated to version 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW...
CVE-2024-5544
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress Media Library Assistant plugin <= 3.17 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Le Ngoc Anh in WordPress Plugin Media Library Assistant versions <= 3.17...