88 matches found
CVE-2025-6054
The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...
WordPress YANewsflash plugin <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin YANewsflash versions <= 1.0.3...
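The mechanism behind a CSRF-to-stored-XSS bug of the kind described above is a settings handler that accepts any POST without proving it came from the plugin's own form. The following is an added illustration, not YANewsflash's code: a hypothetical settings handler in the vulnerable shape, then the hardened form with a capability check, a WordPress nonce, input sanitisation and output escaping. The option name `demo_newsflash_text` and all `demo_` function names are assumptions.

```php
<?php
// Added illustration (not YANewsflash's code). Hypothetical option name:
// 'demo_newsflash_text'. Runs inside a WordPress plugin context.

// Vulnerable pattern: any POST reaching this admin page is accepted, so a
// page on another origin can submit the form from a logged-in admin's
// browser (CSRF) and store attacker-controlled markup (stored XSS).
function demo_newsflash_save_vulnerable() {
    if ( isset( $_POST['newsflash_text'] ) ) {
        // No nonce, no capability check, no sanitisation.
        update_option( 'demo_newsflash_text', $_POST['newsflash_text'] );
    }
}

// Hardened pattern.
function demo_newsflash_save_hardened() {
    if ( ! isset( $_POST['newsflash_text'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to change options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // 2. CSRF: the nonce proves the request originated from our own form.
    //    check_admin_referer() terminates the request if the nonce is
    //    missing or invalid.
    check_admin_referer( 'demo_newsflash_save', 'demo_newsflash_nonce' );
    // 3. Sanitise on input ...
    $text = sanitize_text_field( wp_unslash( $_POST['newsflash_text'] ) );
    update_option( 'demo_newsflash_text', $text );
}

// The settings form must emit the matching nonce field.
function demo_newsflash_settings_form() {
    $current = get_option( 'demo_newsflash_text', '' );
    echo '<form method="post">';
    wp_nonce_field( 'demo_newsflash_save', 'demo_newsflash_nonce' );
    // 4. ... and escape on output, so a stored value cannot become script.
    echo '<input type="text" name="newsflash_text" value="' . esc_attr( $current ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// Front-end rendering: escape the stored value before echoing it into HTML.
function demo_newsflash_render() {
    echo '<div class="newsflash">' . esc_html( get_option( 'demo_newsflash_text', '' ) ) . '</div>';
}
```

The nonce alone only addresses the CSRF half; the capability check stops low-privileged authenticated users, and the escaping on output is what keeps a setting that does slip through from executing as script.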
@toptal/picasso (>=48.1.20 <=54.1.6-alpha-bill-migrate-to-pnpm-7ee2baf8a.0), @toptal/picasso-account-select (>=3.0.1 <=4.0.1-alpha-bill-migrate-to-pnpm-7ee2baf8a.0) +13 more potentially affected by unknown CVE via @toptal/picasso-logo (>=2.0.0 <=2.0.9)
@toptal/picasso-logo NPM version =2.0.0, =48.1.20, =3.0.1, =4.0.1, =6.0.1, =3.0.1, =1.0.46, =71.0.24, =3.0.1, =4.0.1, =7.2.3, =15.0.2, =3.0.1, =4.0.6, =2.0.16, =5.0.1, =5.1.23-alpha-bill-migrate-to-pnpm-...
CVE-2023-6054
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2024-6054
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'createpostattachmentfromurl' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above...
CVE-2024-6054
CVE-2024-6054 is an authenticated (Contributor+) arbitrary file upload vulnerability in the WordPress plugin Auto Featured Image (
WordPress Auto Featured Image Plugin <= 1.2 is vulnerable to Arbitrary File Upload
Software: Auto Featured Image; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6054; Patch priority: Low; CVSS severity: Low 9.9; PSID: 82feedc389d9; Credits: István Márton; Required privilege: Contribut...
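The root cause named above is missing file type validation when a remote file is turned into a post attachment. The following is an added illustration, not Auto Featured Image's code: a hypothetical attach-from-URL helper in the vulnerable shape, then a hardened version that fetches through WordPress's HTTP layer, validates extension and content with `wp_check_filetype_and_ext()`, restricts the result to image types, and checks the caller's capabilities. The `demo_` function names are assumptions.

```php
<?php
// Added illustration (not Auto Featured Image's code). Runs inside a
// WordPress plugin context; the demo_ names are hypothetical.

// Vulnerable pattern: whatever the URL serves is written under uploads/
// with the attacker-chosen extension (for example .php), and the MIME type
// recorded on the attachment is asserted rather than verified.
function demo_attach_from_url_vulnerable( $url, $post_id ) {
    $upload_dir = wp_upload_dir();
    $filename   = basename( parse_url( $url, PHP_URL_PATH ) );
    $dest       = trailingslashit( $upload_dir['path'] ) . $filename;
    file_put_contents( $dest, file_get_contents( $url ) );
    return wp_insert_attachment( array(
        'post_mime_type' => 'image/jpeg', // never checked against the bytes
        'post_title'     => $filename,
        'post_status'    => 'inherit',
    ), $dest, $post_id );
}

// Hardened pattern.
function demo_attach_from_url_hardened( $url, $post_id ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    // Only users allowed to upload, and only for posts they may edit.
    if ( ! current_user_can( 'upload_files' ) || ! current_user_can( 'edit_post', $post_id ) ) {
        return new WP_Error( 'forbidden', 'Not allowed.' );
    }
    // Fetch to a temp file via download_url(), which uses wp_safe_remote_get()
    // and so rejects unsafe URLs instead of blindly following them.
    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        return $tmp;
    }
    $filename = sanitize_file_name( basename( parse_url( $url, PHP_URL_PATH ) ) );
    // Validate extension AND content: for images this inspects the bytes,
    // and 'type' is empty when the extension is not an allowed upload type.
    $check   = wp_check_filetype_and_ext( $tmp, $filename );
    $allowed = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp' );
    if ( empty( $check['type'] ) || ! in_array( $check['type'], $allowed, true ) ) {
        @unlink( $tmp );
        return new WP_Error( 'bad_type', 'Only image files may be attached.' );
    }
    // Name the file with the validated extension, not the one from the URL.
    $file = array(
        'name'     => pathinfo( $filename, PATHINFO_FILENAME ) . '.' . $check['ext'],
        'tmp_name' => $tmp,
    );
    // media_handle_sideload() re-runs the core upload checks and moves the
    // file into uploads/ under a name it controls.
    $attach_id = media_handle_sideload( $file, $post_id );
    if ( is_wp_error( $attach_id ) ) {
        @unlink( $tmp );
        return $attach_id;
    }
    set_post_thumbnail( $post_id, $attach_id );
    return $attach_id;
}
```

The two checks that matter are the content-based type check and using the validated extension for the stored name; an extension allow-list on its own is defeated by a server that returns PHP under an `.jpg` URL only if the bytes are never inspected, and a correct MIME type on its own is defeated if the attacker's extension is still used on disk.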
CVE-2023-6054
CVE-2023-6054 is a SQL injection vulnerability in Tongda OA 2017 up to version 11.9, arising from manipulation of TERM_ID_STR in the file general/wiki/cp/manage/lock.php. Public exploit details exist and may be used. Remediation: upgrade to Tongda OA 11.10 to address the issue. Impact and affecte...
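A parameter named TERM_ID_STR suggests a comma-separated list of IDs spliced into an `IN (...)` clause, which is exactly the shape that string-built SQL gets wrong and that prepared statements need a little care to handle. The following is an added illustration, not Tongda OA's code: a hypothetical lock handler in the vulnerable shape, then a hardened version that validates the list and binds one placeholder per value. The table and column names and the `demo_` function names are assumptions.

```php
<?php
// Added illustration (not Tongda OA's code). Table/column names are
// hypothetical; $db is a PDO connection.

// Vulnerable pattern: the raw parameter is spliced into the IN list, so a
// value such as "1) OR 1=1 -- " rewrites the statement.
function demo_lock_terms_vulnerable( PDO $db, $term_id_str ) {
    $sql = "UPDATE wiki_term SET LOCKED = 1 WHERE TERM_ID IN ($term_id_str)";
    return $db->exec( $sql );
}

// Hardened pattern.
function demo_lock_terms_hardened( PDO $db, $term_id_str, $user_id ) {
    // 1. Parse and validate: only positive integers survive.
    $ids = array();
    foreach ( explode( ',', $term_id_str ) as $part ) {
        $part = trim( $part );
        if ( ! ctype_digit( $part ) ) {
            throw new InvalidArgumentException( 'TERM_ID_STR must be a comma-separated list of integers' );
        }
        $ids[] = (int) $part;
    }
    if ( empty( $ids ) ) {
        return 0;
    }
    // 2. One placeholder per value; the IN list is built from placeholders
    //    only, never from user input.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '?' ) );
    $stmt = $db->prepare(
        "UPDATE wiki_term SET LOCKED = 1, LOCKED_BY = ? WHERE TERM_ID IN ($placeholders)"
    );
    // 3. Bind values; the driver never interprets them as SQL.
    $stmt->execute( array_merge( array( $user_id ), $ids ) );
    return $stmt->rowCount();
}
```

Validating the list as integers before binding is belt and braces: the placeholders alone already prevent injection, but rejecting malformed input early keeps the query from silently matching nothing and gives a clear error to log.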
Ubuntu 16.04 ESM : Django vulnerability (USN-6054-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6054-2 advisory. USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Django vulnerability (USN-6054-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6054-1 advisory. Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote...
SUSE CVE-2012-5594
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
SUSE CVE-2013-6054
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045...
Mageia: Security Advisory (MGASA-2014-0432)
The remote host is missing an update announced in Mageia security advisory MGASA-2014-0432.
Mageia: Security Advisory (MGASA-2014-0466)
The remote host is missing an update announced in Mageia security advisory MGASA-2014-0466.
SUSE: Security Advisory (SUSE-SU-2015:2088-1)
The remote host is missing an update announced in SUSE security advisory SUSE-SU-2015:2088-1.
USN-4587-1: iTALC vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055...
Arbitrary Code Execution
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...
CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...