
35 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux – Vulnerability in Node-Elliptic

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVSS 9.1, AI score 6.7, EPSS 0.02898
Exploits 0, References 1

Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40265

Name of the Vulnerable Software and Affected Versions FortiAuthenticator versions 8.0.0 through 8.0.2 FortiAuthenticator versions 6.6.0 through 6.6.8 FortiAuthenticator versions 6.5.0 through 6.5.6 Description An improper access control issue in API endpoints allows an unauthenticated remote...

CVSS 10, AI score 6.2, EPSS 0.00108
Exploits 0, References 26

NVD
added 2026/04/08 9:16 a.m., 0 views

CVE-2026-39535

Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display Eventbrite Events: from n/a through = 6.5.6...

CVSS 5.3, EPSS 0.0004
Exploits 0, References 1

CVE
added 2026/04/08 8:30 a.m., 3 views

CVE-2026-39535

CVE-2026-39535 concerns the WordPress plugin Display Eventbrite Events (plugin version

CVSS 5.3, AI score 5.9, EPSS 0.0004
Exploits 0, References 1

OpenVAS
added 2025/10/28 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-891d4dd5d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 6.8, EPSS 0.00061
Exploits 0, References 2

OpenVAS
added 2025/10/20 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-fa8d0fb866)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 6.8, EPSS 0.00061
Exploits 0, References 3

Vulnrichment
added 2025/10/04 12:0 a.m., 2 views

CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

CVSS 5.9, AI score 6.7, EPSS 0.00061
Exploits 0, References 3

Tenable Nessus
added 2025/08/15 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-29248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not...

CVSS 8.1, AI score 7.2, EPSS 0.00637
Exploits 0, References 2

RedhatCVE
added 2025/05/23 10:5 a.m., 7 views

CVE-2024-30526

Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed. This issue affects Easy Social Feed: from n/a through 6.5.6...

CVSS 4.3, AI score 8.6, EPSS 0.0007
Exploits 0, References 1

CNNVD
added 2024/10/10 12:0 a.m., 1 views

Elliptic Security Vulnerability

Elliptic is a library of fast elliptic curve ciphers in JavaScript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic versions prior to 6.5.6, which stems from a validation function that omits some judgmental validation...

CVSS 9.1, AI score 7.2, EPSS 0.00292
Exploits 0, References 5

Tenable Nessus
added 2024/09/12 12:0 a.m., 14 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-42459)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42459 advisory. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing...

CVSS 5.3, AI score 7.1, EPSS 0.00131
Exploits 1, References 2

vulnersOsv
added 2024/08/02 9:31 a.m., 6 views

0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8123 more potentially affected by CVE-2024-42461 via elliptic (>=5.2.1 <=6.5.6)

elliptic NPM version =5.2.1, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =13.6.1, =13.7.2 and more Source cves: CVE-2024-42461 Source advisory: OSV:GHSA-49Q7-C7J4-3P7M...

CVSS 9.1, AI score 6.7, EPSS 0.02898
Exploits 0

Github Security Blog
added 2024/08/02 9:31 a.m., 22 views

Elliptic allows BER-encoded signatures

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVSS 9.1, AI score 7.2, EPSS 0.02898
Exploits 0, References 5, Affected Software 1

Positive Technologies
added 2024/08/02 12:0 a.m., 7 views

PT-2024-29954

Name of the Vulnerable Software and Affected Versions Elliptic package version 6.5.6 Description The issue concerns EDDSA signature malleability due to a missing signature length check, allowing zero-valued bytes to be removed or appended. This is a cryptographic weakness that can be exploited...

CVSS 8.7, AI score 6.7, EPSS 0.02786
Exploits 5, References 47

CNNVD
added 2024/08/01 12:0 a.m., 2 views

WordPress plugin CTX Feed Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2, AI score 6.8, EPSS 0.00219
Exploits 0, References 2

OSV
added 2024/05/18 9:15 p.m., 9 views

CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...

CVSS 9.8, AI score 6.8
Exploits 0, References 8

CNNVD
added 2024/05/17 12:0 a.m., 2 views

WordPress plugin Consulting Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.3, AI score 6.7, EPSS 0.00267
Exploits 0, References 2

QT
added 2024/05/02 12:0 a.m., 43 views

Security advisory: QStringConverter

QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack and has been assigned the CVE id CVE-2024-33861. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable...

AI score 8.3
Exploits 0

Patchstack
added 2024/04/17 12:0 a.m., 6 views

WordPress Easy Social Feed Plugin < 6.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Feed Type Plugin Vulnerable versions 6.5.6 Fixed in 6.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1219 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 44698f6b2049 Credits Dmitrii Ignatyev Required...

CVSS 5.3, AI score 5.7, EPSS 0.00123
Exploits 2, References 4, Affected Software 1

CNNVD
added 2024/04/17 12:0 a.m., 1 views

WordPress Plugin Easy Social Feed Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3, AI score 8.2, EPSS 0.00123
Exploits 2, References 2