18 matches found

OSV
added 3 days ago · 5 views

GHSA-WQCR-7RF3-F64M Singularity: Incorrect path matching for 'limit container paths' directive

Impact: The limit container paths directive in singularity.conf is intended to allow a system administrator to limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 5

Positive Technologies
added 3 days ago · 8 views

PT-2026-46880

Impact: The limit container paths directive in singularity.conf is intended to allow a system administrator to limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 6

RedhatCVE
added 2025/12/19 7:32 a.m. · 2 views

CVE-2025-64203

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.1.14...

7.1 CVSS · 6.4 AI score · 0.00029 EPSS
Exploits 0 · References 1

NVD
added 2025/12/18 8:16 a.m. · 2 views

CVE-2025-64203

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.1.14...

7.1 CVSS · 0.00029 EPSS
Exploits 0 · References 1

Cvelist
added 2025/12/18 7:22 a.m. · 22 views

CVE-2025-64203 WordPress Mailster plugin < 4.1.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.1.14...

7.1 CVSS · 0.00029 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/12/18 12:0 a.m. · 2 views

PT-2025-52159

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.1.14...

6.4 AI score · 0.00029 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/04/10 12:0 a.m. · 6 views

Moodle < 4.1.14 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...

6.5 CVSS · 7.3 AI score · 0.0031 EPSS
Exploits 0 · References 12

Tenable Nessus
added 2024/11/05 12:0 a.m. · 3 views

Mastodon 4.1.x < 4.1.14 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.18 or 4.0.x prior to 4.0.14 or 4.1.x prior to 4.1.14 or 4.2.x prior to 4.2.6. It is, therefore, affected by multiple vulnerabilities: - Destroying OAuth Applications doesn't notify...

7.4 CVSS · 7.5 AI score · 0.0038 EPSS
Exploits 1 · References 4

Patchstack
added 2024/08/28 12:0 a.m. · 7 views

WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Scripting (XSS)

Software: Podlove Podcast Publisher · Type: Plugin · Vulnerable versions: <= 4.1.13 · Fixed in: 4.1.14 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-43983 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 71f42a372118 · Credits: Muhammad Daffa · Required...

6.5 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/02/14 12:0 a.m. · 2 views

PT-2024-2574 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.18; Mastodon versions prior to 4.0.14; Mastodon versions prior to 4.1.14; Mastodon versions prior to 4.2.6. Description: The issue is related to the incorrect handling of Access Tokens when an OAuth Application is...

4.3 CVSS · 7.3 AI score · 0.00362 EPSS
Exploits 0 · References 14

OpenVAS
added 2024/01/23 12:0 a.m. · 20 views

SPIP < 4.1.14, 4.2.x < 4.2.8 XSS Vulnerability

SPIP is prone to a cross-site scripting XSS vulnerability.

6.1 CVSS · 6 AI score · 0.00878 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2023/12/05 11:32 a.m. · 21 views

Security Bulletin: IBM QRadar User Behavior Analytics uses components with known vulnerabilities (CVE-2023-44270, CVE-2023-45133)

Summary: IBM QRadar User Behavior Analytics contains vulnerable packages/components that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

9.3 CVSS · 8.3 AI score · 0.00166 EPSS
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/03/31 12:0 a.m. · 33 views

Apache OpenOffice < 4.1.14 Multiple Vulnerabilities (macOS)

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - Apache OpenOffice versions before 4.1.14 may b...

8.1 CVSS · 7.9 AI score · 0.01383 EPSS
Exploits 1 · References 7

Positive Technologies
added 2023/03/24 12:0 a.m. · 4 views

PT-2023-1972 · Apache +6 · Apache Openoffice +7

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions before 4.1.14. Description: The issue is related to the possibility of adding an empty entry to the Java class path in Apache OpenOffice. This could allow a remote attacker to execute arbitrary Java code from the...

10 CVSS · 7 AI score · 0.43551 EPSS
Exploits 2 · References 48

OpenVAS
added 2020/10/05 12:0 a.m. · 20 views

PowerDNS Authoritative Server Information Disclosure Vulnerability (2020-05)

PowerDNS Authoritative Server is prone to an information disclosure vulnerability.

4.3 CVSS · 6 AI score · 0.0005 EPSS
Exploits 0 · References 1

UbuntuCve
added 2019/11/04 11:15 p.m. · 20 views

CVE-2010-3668

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl...

7.5 CVSS · 6.5 AI score · 0.00358 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2018/11/05 12:0 a.m. · 45 views

WordPress 4.1.x < 4.1.14 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

9.8 CVSS · 10 AI score · 0.94418 EPSS
Exploits 66 · References 11

OpenVAS
added 2017/11/08 12:0 a.m. · 19 views

TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.0 Multiple Vulnerabilities (TYPO3-SA-2010-012)

TYPO3 is prone to multiple vulnerabilities.

9.4 CVSS · 6.2 AI score · 0.02993 EPSS
Exploits 0 · References 2