CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
Insertion of Sensitive Information Into Sent Data
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the URLs during anonymous assignment submissions. An attacker can access internal user identifiers by viewing exposed URLs, which may compromise...
CVE-2026-23963
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...
CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
SUSE CVE-2026-0959
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...
PT-2026-2952
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.4.0 through 4.4.12; Wireshark versions 4.6.0 through 4.6.2. Description: A crash exists in the IEEE 802.11 protocol dissector. This issue can lead to a denial of service. Recommendations: Update Wireshark to a version later th...
Wireshark Buffer Error Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A buffer error vulnerability exists in Wireshark versions 4.6.0 through 4.6.2 and 4.4.0 through...
Wireshark Security Update (wnpa-sec-2025-08) - Windows
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wireshark:wireshark"...
Wireshark Security Update (wnpa-sec-2025-08) - Linux
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wireshark:wireshark"...
Wireshark Security Update (wnpa-sec-2025-08) - Mac OS X
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wireshark:wireshark"...
GHSA-MGV8-W49F-822W Mautic: MST-48 Server-Side Request Forgery in Asset section
Impact: Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. Patches: Update to 4.4.12 or 5.0.4. Workarounds: None. References: -...
PT-2024-11537 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12; Mautic versions prior to 5.0.4. Description: The issue affects logged in users of Mautic, making them vulnerable to an SQL injection vulnerability in the Reports bundle. This vulnerability allows an attacker to...
PT-2024-10912 · Mautic +1 · Mautic +1
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12; Mautic versions prior to 5.0.4. Description: Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mauti...
PT-2024-11536 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12. Description: The issue is related to a self XSS vulnerability in the notifications within Mautic. Logged in users are vulnerable to this issue, which allows malicious code to be injected into the notification...
PT-2024-10911 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12. Description: There is an XSS vulnerability in the description fields within the Mautic application, which could be exploited by a logged-in user with the appropriate permissions. This could lead to the user...
CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite
Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...
CVE-2022-3207
The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3062 Simple File List < 4.4.12 - Reflected Cross-Site Scripting
The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
CVE-2022-3062
CVE-2022-3062 affects the WordPress Simple File List plugin prior to 4.4.12. The vulnerability arises from not escaping parameters before outputting them in HTML attributes, enabling reflected Cross-Site Scripting. Impact is the execution of arbitrary JavaScript in the victim’s browser; remediati...