67 matches found
Debian dsa-6134 : pdns-recursor - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6134 advisory. Debian Security Advisory DSA-6134-1 [email protected] https://www.debian.org/securit...
africa.absa:inception-test (>=1.0.0 <=1.2.0), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +5233 more potentially affected by CVE-2026-0603 via org.hibernate:hibernate-core (>=5.2.8.Final <=5.6.14.Final)
org.hibernate:hibernate-core MAVEN version =5.2.8.Final, =1.0.0, =0.0.12, =0.5.0, =0.5.0, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210127.1838-76ab4fc, =0.1.0, =2023.06.07.114626-93b9d6f, =0.1.0, =0.1.4-20220614.0152-5ae0eef, =1.1.0, =0.7, =0.9 and more Source cves: CVE-2026-0603 Source...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003591)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003591 advisory. drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument...
EUVD-2022-6226
Malicious code in bioql PyPI...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions <= 5.2.7...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure vulnerability
Missing Authorization to Password Protected Post Disclosure vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions <= 5.2.7...
CVE-2023-47178
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8...
CVE-2022-4050
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Path Traversal
Software: Advanced File Manager; Type: Plugin; Vulnerable versions: <= 5.2.8; Fixed in: 5.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-8704; Patch priority: Low; CVSS severity: Low 7.2; PSID: 6882269240d3; Credits: TANG Cheuk Hei siunam; Required...
PT-2024-38815 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The issue allows authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary...
WordPress plugin Advanced File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Advanced File Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress Magic Post Thumbnail Plugin < 5.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Magic Post Thumbnail; Type: Plugin; Vulnerable versions: < 5.2.8; Fixed in: 5.2.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6724; Patch priority: Low; CVSS severity: Low 5.9; PSID: 20883b9f1f02; Credits: Kieran Burge; Required...
WordPress plugin The Plus Addons for Elementor Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-22877
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, which will be executed in the context of the TheHive application when the HTML...
Cross site scripting
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL...
CVE-2024-22876
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL...
CVE-2024-22877
TheHive 5.2.0–5.2.8 is vulnerable to Cross-Site Scripting (XSS) in the case reporting feature. The issue allows an attacker to insert malicious JavaScript into the template or its variables, which executes in the TheHive application's context when the HTML report is opened. Root cause and exact i...