22 matches found
EUVD-2026-26214
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through = 4.4.11...
OESA-2026-1059 wireshark security update
Security Fixes: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of serviceCVE-2025-13946...
CVE-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...
SUSE CVE-2025-13946
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service...
Wireshark Security Update (wnpa-sec-2025-08) - Mac OS X
Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
Wireshark Security Update (wnpa-sec-2025-08) - Windows
Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
CVE-2025-13946
Wireshark contains a vulnerability in the MEGACO dissector (CVE-2025-13946): the MEGACO dissector can enter an infinite loop in Wireshark versions 4.6.0–4.6.1 and 4.4.0–4.4.11, enabling denial of service. Public advisories confirm a fix is available in Wireshark 4.4.13 (and related updates across...
Wireshark Security Update (wnpa-sec-2025-06) - Windows
Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
EUVD-2025-3761
Malicious code in bioql PyPI...
Joomla! 4.x < 4.4.11 SQL injection
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.11 or 5.x prior to 5.2.4. It is, therefore, affected by a SQL injection vulnerability in the backend task list of comscheduler due to improperly built order clauses. Note that the...
WordPress Paytium plugin <= 4.4.11 - Full Path Disclosure (FPD) vulnerability
Full Path Disclosure FPD vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress Plugin Paytium versions = 4.4.11...
PT-2025-5400 · Paytium · Paytium
Name of the Vulnerable Software and Affected Versions: Paytium versions through 4.4.11 Description: The issue allows retrieval of embedded sensitive data due to the generation of error messages containing sensitive information. Recommendations: For versions through 4.4.11, update to a version tha...
PT-2024-34811 · Paytium · Paytium
Name of the Vulnerable Software and Affected Versions: Paytium versions prior to 4.4.11 Description: A Missing Authorization vulnerability exists in Paytium by David de Boer. This issue allows for unauthorized access. Recommendations: For versions prior to 4.4.11, update to version 4.4.11 or late...
RHBA-2020:2785 Red Hat Bug Fix Advisory: OpenShift Container Platform 4.4.11 packages update
Bulletin has no description...
MongoDB DoS Vulnerability (SERVER-58203, SERVER-59299, SERVER-60218) - Linux
MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
CVE-2021-32040
Removed by vendor...
Design/Logic Flaw
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.4.11 packages update
Red Hat OpenShift Container Platform release 4.4.11 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
CVE-2016-2803
Cross-site scripting XSS vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML...
Bugzilla cross-site scripting vulnerability (CNVD-2016-03322)
Bugzilla is the United States Mozilla Foundation developed a set of open-source defect tracking system , it can manage software development defects in the submission new, repair resolve, close close and so on the entire life cycle . A cross-site scripting vulnerability exists in Bugzilla versions...