37 matches found
DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Crucible Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 4.8.0, 4.9.0 of Crucible Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability
Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.8...
CVE-2026-1320
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Secure Copy Content Protection and Content Locking 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001836)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001836 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001539 advisory. The nestedvmxcheckvmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS user...
CVE-2025-62935
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through = 5.0.0...
PT-2025-43811
Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through = 4.9.8...
WordPress plugin Open Close WooCommerce Store security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
EUVD-2002-0678
Malware in sbrugna...
EUVD-2024-40171
Malicious code in bioql PyPI...
Apache Felix Webconsole 跨站脚本漏洞
Apache Felix Webconsole is a simple tool from the Apache USA Foundation to inspect and manage OSGi framework instances using a web browser. A cross-site scripting vulnerability exists in Apache Felix Webconsole versions 4.x through 4.9.8 and 5.x through 5.0.8, which stems from incorrect...
WordPress WP All Import Pro plugin < 4.9.8 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability
Authenticated Administrator+ PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...
PowerDNS Recursor DoS Vulnerability (2024-04)
PowerDNS Recursor is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SUSE CVE-2016-10208
The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service out-of-bounds read and system crash via a crafted ext4 image...
Tagify 跨站脚本漏洞
Tagify is a simple, customizable way to convert input fields or text areas into tag components. A security vulnerability existed prior to Tagify version 4.9.8. An attacker could pass it malicious placeholder values to trigger an XSS payload...
tc-bex.ch Cross Site Scripting vulnerability
Security Researcher metamorfosec Helped patch 1914 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting tc-bex.ch website and its users. Following coordinate...
RHEL 7 : samba (RHSA-2019:1966)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1966 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allo...
Fedora 29 : 2:samba (2019-208cc34d40)
Update to Samba 4.9.8, Security fixes for CVE-2018-16860 ---- Update to Samba 4.9.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...