Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. In versions prior to 8.0.3, as well as in 7.4.5, 7.2.10, and 6.2.19, an authenticated user could use a specially crafted string to trigger an out-of-bounds write operation on the hyperloglog data structure, potentially leadin...

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

CVE-2026-40329

Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...

PT-2026-37235

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description A SQL injection exists in the beanFeed.cfc component within the getQuery function's processing o...

CVE-2025-54820

Fortinet FortiManager contains a Stack-based Buffer Overflow (CWE-121) affecting FortiManager 7.4.0–7.4.2, 7.2.0–7.2.10, and all 6.4 versions. An unauthenticated remote attacker could craft requests to execute unauthorized commands if the service is enabled. The flaw is related to bypassing stack...

Oracle Linux 9 : redis:7 (ELSA-2025-20955)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20955 advisory. - rebase to 7.2.11 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 - rebase to 7.2.10 for CVE-2025-27151 CVE-2025-32023 and...

Weseek Growi 跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by the Japanese company Weseek. A cross-site scripting vulnerability exists in Weseek Growi versions prior to 7.2.10, which originates when a malicious user creates a page containing specially crafted content that could le...

EUVD-2025-36015

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 7.2.10...

CVE-2025-62925

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 7.2.13...

CVE-2025-62925

CVE-2025-62925 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Conversios.io for Enhanced E-commerce for WooCommerce. Affected: Conversios.io

PT-2025-43802

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 7.2.10...

WordPress plugin Conversios.io 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

redis security update

7.2.10-1.0.2 - Fix for CVE-2025-49844 Orabug: 38515582...

EUVD-2025-24471

Malicious code in bioql PyPI...

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVE-2025-27759

Fortinet FortiWeb is affected by an OS Command Injection vulnerability (CWE-78) due to improper neutralization of special elements. Impactable when an authenticated privileged attacker crafts CLI commands to execute arbitrary code on affected versions. Affected software: FortiWeb 7.6.0–7.6.3, 7.4...

CVE-2025-52970

Fortinet FortiWeb is affected by CVE-2025-52970 due to improper handling of parameters in FortiWeb versions 7.6.3 and below, 7.4.7 and below, 7.2.10 and below, and 7.0.10 and below. An unauthenticated remote attacker with non-public device information can gain admin privileges via a specially cra...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in Fortinet...

Linux Distros Unpatched Vulnerability : CVE-2025-48367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client...