36 matches found
CVE-2026-6227
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...
EUVD-2019-5548
Malware in sbrugna...
EUVD-2023-1739
Malicious code in bioql PyPI...
CVE-2023-34246
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...
WordPress plugin DeBounce Email Validator cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... The WordPress plugin...
WolfSSL suffers from an unspecified vulnerability (CNVD-2024-37445)
wolfSSL CyaSSL is a small, portable embedded SSL programming library from the United States company wolfSSL, intended for embedded systems developers. A security vulnerability exists in WolfSSL version 5.6.6, which can be exploited by remote attackers to disclose information and elevate privileges via a...
CVE-2024-1545
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
CVE-2023-52117
Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6...
PT-2024-14414 · Metagauss · Metagauss Profilegrid
Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions 5.6.6 and earlier Description: A Missing Authorization issue has been identified. This issue affects Metagauss ProfileGrid, allowing potential unauthorized access. Recommendations: For Metagauss ProfileGrid...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read when callback functions are enabled through the optional WOLFSSL_CALLBACKS flag. An attacker can read 5 bytes from the heap via malicious TLS 1.3 connection. Remediation: Upgrade wolfssl to version 5.6.6 or higher...
PT-2024-15130 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.6.6 Description: The issue allows a malicious TLS client or network attacker to trigger a buffer over-read on the heap of 5 bytes if callback functions are enabled via the WOLFSSL_CALLBACKS flag. This flag is only...
PT-2023-30532 · Unknown · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid – User Profiles, Memberships, Groups and Communities versions 5.6.6 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user...
[SECURITY] [DLA 3542-1] unrar-nonfree security update
Debian LTS Advisory DLA-3542-1 https://www.debian.org/lts/security/ Markus Koschany August 26, 2023 https://wiki.debian.org/LTS Package : unrar-nonfree Version : 1:5.6.6-1+deb10u4 CVE ID : CVE-2023-40477 A specific flaw within the processing of recovery volumes exists ...
Authorization
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...
CVE-2023-34246 Doorkeeper Improper Authentication vulnerability
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...
Doorkeeper authorization issue vulnerability
Doorkeeper is an OAuth 2 authentication provider for Rails/Grape applications. An authorization issue vulnerability exists in Doorkeeper versions prior to 5.6.6, which stems from the automatic processing of authorization requests from previously approved public clients that do not require user...
CVE-2022-41805
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress...
heap-buffer-overflow
Description Whilst experimenting with radare2, built from version 5.6.6, we are able to induce a vulnerability at bindyldcache.c:125 in function va2pa , using radare2 as a harness. 118: static ut64 va2pauint64t addr, ut32 nmaps, cachemapt maps, RBuffer cachebuf, ut64 slide, ut32 offset, ut32 left...
Heap buffer overflow in libr/bin/format/mach0/mach0.c
This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.6 and latest master branch 8317a34b7e4ab731e230dcdd81adc9323c5b518b, updated in...
CVE-2022-1052
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6...