66 matches found
CVE-2025-5199
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-28 15:00:22+00:00 | seen | https://bsky.app/profile/euvd-bot.bsky.social/post/3mmwbygig6j2g... |
CVE-2026-5199 vulnerabilities
Vulnerabilities for packages: temporal...
CVE-2026-5199 vulnerabilities
Vulnerabilities for packages: temporal-fips, temporal...
SUSE CVE-2025-52903
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell commands which have been predefined on a...
SUSE CVE-2025-52904
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...
CVE-2025-5199
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup...
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
Linux Distros Unpatched Vulnerability : CVE-2015-5199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAUDRIVER environment variable. CVE-2015-51...
CVE-2024-5199 Spotify Play Button <= 1.0 - Contributor+ Stored XSS
The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Spotify Play Button; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5199; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 81b0c1de1aa9; Credits: Bob Matyas; Required...
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute cod...
CVE-2023-5199 PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute cod...
CVE-2023-5199
CVE-2023-5199 corresponds to the PHP to Page WordPress plugin vulnerability: Local File Inclusion enabling Remote Code Execution via the php-to-page shortcode. Affected: PHP to Page plugin versions
WordPress PHP to Page Plugin <= 0.3 is vulnerable to Remote Code Execution (RCE)
Software: PHP to Page; Type: Plugin; Vulnerable versions: = 0.3; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-5199; Patch priority: Medium; CVSS severity: Medium (9.9); Developer: Claim ownership; PSID: fd52cb970119; Credits: István Márton; Required privilege...
Debian: Security Advisory (DLA-306-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS : Python vulnerabilities (USN-5199-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5199-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially...
SUSE: Security Advisory (SUSE-SU-2015:1892-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : kernel (RHSA-2020:5199)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5199 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: metadata validator in XFS may...
CVE-2018-5199
CVE-2018-5199 affects Veraport G3 ALL on macOS. The root cause is insufficient domain validation, enabling an attacker to overwrite an installation file with a malicious file and potentially execute arbitrary code. Exploitation details are not provided in the documents beyond the high-level descr...