24 matches found
CVE-2025-32549
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0...
CVE-2025-32549 WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0...
CVE-2025-32549
CVE-2025-32549 concerns the WordPress plugin WPGYM (Wordpress Gym Management System) with an authenticated Local File Inclusion due to improper filename handling. Public sources in the Connected documents indicate the vulnerability is present in versions up to 65.0 and is listed as an authenticat...
CVE-2023-32549

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-07 18:39:40+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/519... |

CVE-2024-32549
Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS). This issue affects Related Posts for WordPress: from n/a through 4.0.3...
CVE-2024-32549 WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS). This issue affects Related Posts for WordPress: from n/a through 4.0.3...
CVE-2024-32549
CVE-2024-32549 is a CSRF-to-XSS vulnerability in the WordPress plugin “Microkid Related Posts” that can affect sites using the plugin up to version 4.0.3. The connected Red Hat entry confirms the issue as a CSRF vulnerability that enables XSS in Related Posts for WordPress. The CVSS 3.1 vector fr...
WordPress Related Posts for WordPress Plugin <= 4.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Related Posts for WordPress
Type: Plugin
Vulnerable versions: <= 4.0.3
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-32549
Patch priority: Low
CVSS severity: Low 7.1
PSID: cc6d55801af6
Credits: Dimas...
CVE-2023-32549 Landscape insecure token generation
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...
CVE-2023-32549
CVE-2023-32549 affects Canonical Landscape where cryptographic keys are generated using a weak pseudo-random generator. The flaw enables potential confidentiality exposure (CVE with network attack vector, no user interaction; CVSS 3.1 base score 7.5). Root cause: insecure PRNG-based key generatio...
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to forge logs, which may let them cover their tracks and potentially corrupt log files...
biz.netcentric.cq.tools.accesscontroltool:minimum-environment (>=3.0.0 <=4.1.1), com.activecq.tools.quickimage:core (=1.0.0) +72 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.commons.log (>=2.0.6 <=5.4.0)
org.apache.sling:org.apache.sling.commons.log MAVEN version =2.0.6, =3.0.0, =5.6.2, =1.0.3, =1.0.20, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.2.1 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74...
biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.1.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +439 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =5.6.0, =5.7.32 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74 https://vulners.com/osv/OSV:GHSA-QMX3-...
CVE-2022-32549

| creationtimestamp | type | source |
|---|---|---|
| 2022-06-22 18:28:37+00:00 | seen | https://t.me/cibsecurity/44945... |

CVE-2022-32549
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...
CVE-2021-32549
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...