Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.44, 3.6.15, and 3.7.0-rc.3. These vulnerabilities stem from the errors middleware module, which forwards the entire set of request headers including...

Traefik < 2.11.44 / 3.x < 3.6.15 Information Disclosure (GHSA-p6hg-qh38-555r)

The version of Traefik installed on the remote macOS host is prior to 2.11.44 or 3.x prior to 3.6.15. It is, therefore, affected by an information disclosure vulnerability: - Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service. CVE-2026-41181 Note...

PT-2026-37371

These are all security issues fixed in the traefik-3.6.15-1.1 package on the GA media of openSUSE Tumbleweed...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

Astra Linux - уязвимость в wireshark

A memory leak in the BT SDP dissector in Wireshark versions 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows for denial of service through packet injection or malicious capture files...

CVE-2026-0927

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

PT-2026-4325

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

EUVD-2025-203596

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.6.15...

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

PT-2025-51402

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

EUVD-2025-28167

Malicious code in bioql PyPI...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

CVE-2025-54744 refers to the WordPress MasterStudy LMS plugin (versions through 3.6.15) with a Missing Authorization/broken access control flaw. Public sources (Patchstack, CVE listings, Red Hat/RH, CVE-List) identify the root cause as incorrectly configured access control, enabling unauthorized ...

PT-2025-36249

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS versions through 3.6.15 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update MasterStudy LMS to a version later than 3.6.15...

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2019-2393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue...

phpList < 3.6.16 XSS Vulnerability

phpList is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; i...

Design/Logic Flaw

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file...