15 matches found
CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1
CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Rsync versions 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-39380
Open Source Point of Sale is a web-based point-of-sale application written in PHP using the CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...
CVE-2026-39380
Open Source Point of Sale (OSPOS) has a Stored XSS in the Stock Locations configuration. Before version 3.4.3, the stock_location input is not properly sanitized, allowing injected JavaScript to be stored in the database and executed when viewing the Employees interface. Affected product: OSPOS (...
Open Source Point of Sale Cross-Site Scripting Vulnerability
Open Source Point of Sale is an open-source sales point system based on the internet. Versions of Open Source Point of Sale prior to 3.4.3 had a cross-site scripting vulnerability. This vulnerability stemmed from improper configuration of the customername column in the Daily Sales management tabl...
WordPress Responsive Plus plugin < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Responsive Plus versions 3.4.3...
Linux Distros Unpatched Vulnerability : CVE-2017-15571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data. CVE-2017-15571 Note...
Linux Distros Unpatched Vulnerability : CVE-2017-15569
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value tha...
SUSE CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...
CVE-2021-24135
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML...
Apache SpamAssassin Resource Management Error Vulnerability
Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. A security vulnerability exists in Apache SpamAssassin versions prior to 3.4.3. An attacker could exploit th...
Apache SpamAssassin Operating System Command Injection Vulnerability
Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides a filter for system administrators and supports categorizing email to block spam. A security vulnerability exists in Apache SpamAssassin versions prior to 3.4.3. An attacker could exploit the...
Redmine cross-site scripting vulnerability (CNVD-2017-31957)
Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the app/views/issues/list.html.erb file in Redmine...
DEBIAN-CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/list.html.erb via crafted column data...
DEBIAN-CVE-2011-2713
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...