18 matches found
ROOT-OS-DEBIAN-12-CVE-2025-38702 CVE-2025-38702 in rootio-linux - Patched by Root
Root has patched CVE-2025-38702 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
CLSA-2026-1771240476 kernel: Fix of 13 CVEs
vsock: Do not allow binding to VMADDR_PORT_ANY CVE-2025-38618 - cnic: Fix use-after-free bugs in cnic_delete_task CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - pptp: ensure minimal skb length in pptp_xmit CVE-2025-38574 - ipv6: reject malicious packets in ipv6_gso_segment CVE-2025-38572 -...
CVE-2025-38702 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38702 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2025-38702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: fix potential buffer overflow in do_register_framebuffer The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps i...
CVE-2025-38702
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb 2. All array slots become occupied despite...
MAL-2025-38702 Malicious code in vulture-jungle-jvs753-project (npm)
The package vulture-jungle-jvs753-project was found to contain malicious code...
CVE-2023-38702
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...
CVE-2024-38702
CVE-2024-38702 relates to Tyche Software’s Product Delivery Date for WooCommerce – Lite, describing a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. Affected versions are Lite up to 2.7.2 (inclusive); remediation is to upgrade to a versio...
CVE-2024-38702 WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2...
CVE-2024-38702 WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2...
WordPress Product Delivery Date for WooCommerce – Lite Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software: Product Delivery Date for WooCommerce – Lite; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38702; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: a611019beea2; Credits...
CVE-2022-38702
Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0...
CVE-2022-38702
Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0...
CVE-2022-38702
Summary: The CVE-2022-38702 entry concerns the WordPress WP CSV Exporter plugin, affecting versions up to 2.0. Connected documents identify the issue as improper neutralization of formula elements in a CSV file (CSV injection) within WP CSV Exporter. What’s affected: WP CSV Exporter plugin for Wo...
CVE-2023-38702
Knowage (open source analytics BI suite) prior to 8.1.8 is affected by CVE-2023-38702. An unauthenticated user can reach the endpoint /knowage/restful-services/dossier/importTemplateFile and upload a template file to the knowageqbeengine directory. Uploading a JSP file to that directory enables c...
CVE-2023-38702 Knowage Server vulnerable to path traversal via upload functionality
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...
CVE-2021-38702
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=XSS attacks...
CVE-2021-38702
Cyberoam NetGenie devices C0101B1-20141120-NG11VO (through 2021-08-14) are affected by a reflected cross-site scripting (XSS) vulnerability in the ft.php?u= parameter. The Nuclei template for CVE-2021-38702 documents that an attacker can inject payload via the u parameter to trigger client-side s...