CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

OESA-2025-2526 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

EUVD-2018-10953

Malware in sbrugna...

EUVD-2004-2543

Malware in sbrugna...

EUVD-2023-30328

Malicious code in bioql PyPI...

EUVD-2021-8090

Malicious code in bioql PyPI...

CVE-2023-26531

Cross-Site Request Forgery CSRF vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7...

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...

WordPress plugin LearnPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin LearnPress...

Wireshark Security Update (wnpa-sec-2024-13) - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

DEBIAN-CVE-2024-9781

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file...

PT-2024-7665

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.2.0 through 4.2.7 Wireshark version 4.4.0 Description The issue is related to incorrect handling of missing values in the AppleTalk Dissector and RELOAD Framing Dissector for Wireshark, which can lead to a denial of servic...

WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.2.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 13b3ec9c4ec2 Credits abrahack Required privilege Unauthenticated Publish...

Fedora: Security Advisory (FEDORA-2024-105eb3026f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : wireshark (2024-105eb3026f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-105eb3026f advisory. New version 4.2.7, fix for CVE-2024-8250 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

PT-2024-39073

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to 4.2.7 Description: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the c only fields parameter of the "/wp-json/learnpress/v1/courses" REST API...

OPENSUSE-SU-2024:14302-1 libwireshark17-4.2.7-1.1 on GA media

These are all security issues fixed in the libwireshark17-4.2.7-1.1 package on the GA media of openSUSE Tumbleweed...

WordPress Popup Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2506 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5081e1f78a97 Credits Tim Coen Required privileg...

Debian dla-3761 : spip - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3761 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3761-1 [email protected] https://www.debian.org/lts/security/...