52 matches found
RHSA-2026:0384 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.3 security update
Bulletin has no description...
CVE-2025-15033
CVE-2025-15033 affects WooCommerce core 8.1–10.4.2 under a specific site configuration, allowing logged-in customers to view guest order data. The issue is mitigated by patches in 10.4.3 and backported to 8.1.3; sites on 8.0 or earlier are not affected. If applicable, upgrade to 10.4.3 or 8.1.3+ ...
EUVD-2024-0439
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache...
CVE-2017-17059
XSS exists in the amtyThumb amty-thumb-recent-post aka amtyThumb posts or wp-thumb-post plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php...
Roxy-WI operating system command injection vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. An operating system command injection vulnerability exists in Roxy-WI 8.1.3 and earlier versions, which stems from the parameter action/service in the actionservice function of the file...
PT-2025-2015 · Roxy-Wi · Roxy-Wi
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions up to 8.1.3 Description: A critical issue has been found in Roxy-WI, affecting the action service function of the file app/modules/roxywi/roxy.py. The manipulation of the action/service argument leads to os command injection...
Moderate: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 8.1.3 product release & security update
The components for Red Hat OpenShift for Windows Containers 8.1.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...
OPENSUSE-SU-2024:11854-1 php8-8.1.3-1.1 on GA media
These are all security issues fixed in the php8-8.1.3-1.1 package on the GA media of openSUSE Tumbleweed...
BIT-PRESTASHOP-2024-21627 Some attribute not escaped in Validate::isCleanHTML method
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...
PT-2024-21289 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 8.1.0 through 8.1.3 Description: The issue concerns path disclosure in a JavaScript variable. A patch is available to resolve this problem. Recommendations: For PrestaShop versions 8.1.0 through 8.1.3, update to version...
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Description Some event attributes are not detected by the isCleanHTML method Impact Some modules using the isCleanHTML method could be vulnerable to xss Patches 8.1.3, 1.7.8.11 Workarounds The best workaround is to use the HTMLPurifier library to sanitize html input coming from users. The library...
Cross site scripting
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
CVE-2024-21628 XSS can be stored in DB from "add a message form" in order detail page (FO)
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
PT-2024-18978 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.3 PrestaShop versions prior to 1.7.8.11 Description: PrestaShop is an open-source e-commerce platform. Some event attributes are not detected by the isCleanHTML method, which could make some modules using this...
K14492558: PHP vulnerability CVE-2021-21708
Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...
OESA-2022-1692 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache...
UBUNTU-CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
PHP 8.1.x < 8.1.3
The version of PHP installed on the remote host is prior to 8.1.3. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.3 advisory. - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filte...
Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed
Summary There are multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3 is affecting IBM Rational Synergy. Vulnerability Details The following are the list of vulnerabilities affecting IBM Rational Synergy: CVEID: CVE-2018-12538 DESCRIPTION: Eclipse Jetty...