26 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in wireshark

A large loop in the PNRP dissector in Wireshark versions 3.4.0 to 3.4.9, and 3.2.0 to 3.2.17 allows for denial of service through packet injection or malicious capture files...

7.5 CVSS · 6.9 AI score · 0.0225 EPSS
Exploits 0 · References 1

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in wireshark

A buffer overflow in the C12.22 dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or malicious capture files...

7.5 CVSS · 7.1 AI score · 0.04599 EPSS
Exploits 1 · References 1

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in wireshark

Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or crafted capture files...

7.5 CVSS · 6.9 AI score · 0.00663 EPSS
Exploits 1 · References 1

Patchstack
added 2025/11/06 1:8 a.m. · 4 views

WordPress Strong Testimonials plugin <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin Strong Testimonials versions <= 3.2.16...

4.3 CVSS · 6.9 AI score · 0.00156 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/11/06 12:0 a.m. · 2 views

PT-2025-45181

Name of the Vulnerable Software and Affected Versions: Strong Testimonials plugin for WordPress versions prior to 3.2.17. Description: The Strong Testimonials plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate or sanitize user-submitted...

4.3 CVSS · 7.2 AI score · 0.00156 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-7892

Malicious code in bioql PyPI...

6.4 CVSS · 6.6 AI score · 0.00614 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-23969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...

7.5 CVSS · 6.8 AI score · 0.05085 EPSS
Exploits 0 · References 2

CNNVD
added 2025/06/24 12:0 a.m. · 1 views

Sangfor Endpoint Detection and Response security vulnerability

Sangfor Endpoint Detection and Response is a next-generation endpoint security solution from China-based Sangfor. A security vulnerability exists in Sangfor Endpoint Detection and Response versions 3.2.16, 3.2.17, and 3.2.19, which is caused by an OS command injection attack due to a flaw in the...

10 CVSS · 7.3 AI score · 0.03754 EPSS
Exploits 0 · References 4

VulnCheck KEV
added 2025/06/23 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2025-34041

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response EDR management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interfac...

10 CVSS · 6.1 AI score · 0.03754 EPSS
In wild · Exploits 0 · References 64

Cvelist
added 2025/03/14 7:5 p.m. · 16 views

CVE-2025-29782 WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tipo`

WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_docs_atendido.php endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the tipo...

6.4 CVSS · 0.00614 EPSS
Exploits 1 · References 2

CVE
added 2025/03/14 7:5 p.m. · 57 views

CVE-2025-29782

CVE-2025-29782 affects the WeGIA Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability exists in adicionar_tipo_docs_atendido.php, exploitable via the tipo parameter. In WeGIA versions prior to 3.2.17, attacker-supplied scripts are stored on the server and exe...

6.4 CVSS · 5.2 AI score · 0.00614 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/01/31 6:15 p.m. · 1 views

CVE-2024-22295

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS. This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17...

5.4 CVSS · 7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2024/01/31 12:0 a.m. · 1 views

PT-2024-19316 · Unknown · Robosoft Photo Gallery

Name of the Vulnerable Software and Affected Versions: RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery versions 3.2.17 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stor...

5.9 CVSS · 5.9 AI score · 0.00051 EPSS
Exploits 0 · References 6

Patchstack
added 2024/01/17 12:0 a.m. · 11 views

WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS)

Software: Robo Gallery; Type: Plugin; Vulnerable versions: <= 3.2.17; Fixed in: 3.2.18; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22295; Patch priority: Low; CVSS severity: Low (5.9); PSID: 29d8208eb109; Credits: Bryan Satyamulya; Required privilege...

5.9 CVSS · 6.5 AI score · 0.00051 EPSS
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2023/03/02 12:0 a.m. · 22 views

SPIP 3.2.x < 3.2.17, 4.x < 4.0.9, 4.1.x < 4.1.7 SQLi Vulnerability

SPIP is prone to an SQL injection (SQLi) vulnerability...

9.8 CVSS · 9.9 AI score · 0.02809 EPSS
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 3:38 a.m. · 1 views

SUSE CVE-2021-39921

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

4.3 CVSS · 7.7 AI score · 0.01333 EPSS
Exploits 1 · References 5

Github Security Blog
added 2022/05/24 5:5 p.m. · 62 views

Pivotal Spring Framework contains unsafe Java deserialization methods

Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. Maintainers recommend...

9.8 CVSS · 9.9 AI score · 0.60417 EPSS
Exploits 4 · References 17 · Affected Software 1

Microsoft CVE
added 2022/01/19 8:0 a.m. · 2 views

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

...

7.5 CVSS · 6.9 AI score · 0.01333 EPSS
Exploits 1

NVD
added 2021/11/19 5:15 p.m. · 15 views

CVE-2021-39929

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

7.5 CVSS · 0.00663 EPSS
Exploits 1 · References 8

OSV
added 2021/11/19 5:15 p.m. · 0 views

UBUNTU-CVE-2021-39922

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

7.5 CVSS · 7 AI score · 0.04599 EPSS
Exploits 1 · References 5