23 matches found
EUVD-2026-5345
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
PT-2026-6307
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 6.3.6, 7.0.4, 7.1.3, 7.2.2 and 7.3. Description: Wagtail, an open source content management system built on Django, contai...
EUVD-2025-27180
Malicious code in bioql PyPI...
CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Photo Gallery by Ays allows DOM-based XSS. This issue affects Photo Gallery by Ays: from n/a through 6.3.6...
WordPress plugin Photo Gallery by Ays Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an application plugin for that platform. A cross-site scripting...
JVN#67963942: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
The field labels in the WordPress Plugin "Advanced Custom Fields" provided by WP Engine contain a cross-site scripting vulnerability (CWE-79). Impact: If an attacker holding the privilege configured by the product's 'capability' setting stores an arbitrary script in a field label, the script ma...
CVE-2023-23784
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, and FortiWeb 6.4 all versions allows an attacker to disclose information via specially crafted web requests...
Path traversal
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, and FortiWeb 6.4 all versions allows an attacker to disclose information via specially crafted web requests...
CVE-2023-23780
A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, and Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests...
PT-2022-22441 · WordPress · Complianz Premium +3
Name of the Vulnerable Software and Affected Versions: Complianz WordPress plugin versions prior to 6.3.4 Complianz Premium WordPress plugin versions prior to 6.3.6 Description: The issue allows translators to inject arbitrary SQL through an unsanitized translation. This can be done through an...
CVE-2022-3494 Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi
The Complianz WordPress plugin before 6.3.4, and the Complianz Premium WordPress plugin before 6.3.6, allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with the translator role through a translation plugin...
NoMachine for Windows <= 5.3.26, 6.x < 6.3.6 Trojan File RCE Vulnerability - Windows
NoMachine for Windows is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: DB2 local escalation of privilege vulnerability affects IBM Tivoli Storage Manager Server (CVE-2015-1947)
Summary: IBM Tivoli Storage Manager (IBM Spectrum Protect) Server is affected by an IBM DB2 software vulnerability that can result in a local user gaining root-level access to which the user is not entitled. Vulnerability Details: CVEID: CVE-2015-1947 DESCRIPTION: IBM DB2 software is vulnerable to a...
Splunk Enterprise Multiple OpenSSL Vulnerabilities (SP-CAAAPQM)
Splunk Enterprise is prone to multiple OpenSSL vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; i...
Splunk Enterprise 6.2.x < 6.2.11, 6.3.x < 6.3.6, 6.4.x < 6.4.2 Open Redirect Vulnerability
Splunk Enterprise is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...
IBM Tivoli Storage Manager elevation of privilege vulnerability (CNVD-2015-07342)
IBM Tivoli Storage Manager is a data protection platform from IBM that gives organizations a single point of control and management for their storage management needs. An elevation of privilege vulnerability exists in IBM Tivoli Storage Manager version 6.3 prior to 6.3.6 and version 7.1...
Fedora Update for fetchmail FEDORA-2007-041
Check for the version of fetchmail. OpenVAS Vulnerability Test: Fedora Update for fetchmail FEDORA-2007-041. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
Gentoo Security Advisory GLSA 200701-13 (fetchmail)
The remote host is missing updates announced in advisory GLSA 200701-13. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc., http://www.securityspace.com. Text descriptions are largely excerpted fr...
fetchmail not enforcing TLS for POP3 properly
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks...