
8800 matches found

NVD
added 2025/02/26 7:0 a.m. · 5 views

CVE-2022-49140

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

CVE
added 2025/02/26 1:55 a.m. · 59 views

CVE-2022-49140

CVE-2022-49140 entry is rejected/withdrawn by the CVE Numbering Authority and not an active vulnerability entry.

6.8 AI score
Exploits: 0

CNNVD
added 2025/02/25 12:0 a.m. · 1 view

WordPress plugin ChatBot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.8 AI score · 0.00695 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/02/25 12:0 a.m. · 2 views

WordPress plugin Majestic Support security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...

8.1 CVSS · 8.7 AI score · 0.00739 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/02/25 12:0 a.m. · 4 views

WordPress plugin Affiliate Coupons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.9 AI score · 0.00695 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/25 12:0 a.m. · 4 views

PT-2025-7853 · Unknown · Quantumcloud Chatbot

Name of the Vulnerable Software and Affected Versions: QuantumCloud ChatBot versions n/a through 6.3.5. Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, which allows PHP Local...

7.5 CVSS · 9.6 AI score · 0.00695 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/02/25 12:0 a.m. · 3 views

WordPress plugin Eventin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS · 8.8 AI score · 0.00684 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/02/25 12:0 a.m. · 2 views

WordPress plugin Funnel Builder by FunnelKit security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.9 AI score · 0.00739 EPSS
Exploits: 0 · References: 2

CVE
added 2025/02/24 2:48 p.m. · 58 views

CVE-2025-27272

CVE-2025-27272 is a Local File Inclusion vulnerability in the WordPress plugin VG PostCarousel (affected versions: from n/a through 1.1). The issue arises from improper control of the filename used in PHP Include/Require statements, enabling potential local file access. Connected vulnerability so...

7.5 CVSS · 7.2 AI score · 0.00716 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/24 12:0 a.m. · 4 views

PT-2025-7722

Name of the Vulnerable Software and Affected Versions: VG PostCarousel versions 1.1 and earlier. Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...

7.5 CVSS · 8.4 AI score · 0.00716 EPSS
Exploits: 0 · References: 6

CNNVD
added 2025/02/22 12:0 a.m. · 1 view

WordPress plugin Calculator Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.4 AI score · 0.00561 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/02/22 12:0 a.m. · 1 view

WordPress plugin FULL Customer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 6.8 AI score · 0.00537 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/21 12:0 a.m. · 3 views

PT-2025-7331 · WordPress · The Ultimate Member

Name of the Vulnerable Software and Affected Versions: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress versions up to, and including, 2.9.2. Description: The issue is related to second-order SQL Injection via...

6.5 CVSS · 9.5 AI score · 0.00325 EPSS
Exploits: 0 · References: 9

CNNVD
added 2025/02/18 12:0 a.m. · 4 views

GNU GRUB buffer error vulnerability

GRUB2 is a multiple bootloader for the GNU Project. A buffer overflow vulnerability exists in GNU GRUB2, which stems from the fact that when reading a tar file, GRUB2 allocates an internal buffer for the filename, and does not properly validate the allocation for a possible integer overflow. An...

6.7 CVSS · 7.2 AI score · 0.00262 EPSS
Exploits: 0 · References: 5

OSV
added 2025/02/14 9:37 a.m. · 6 views

CLSA-2025-1739525834 kernel: Fix of 24 CVEs

- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service (CVE-2024-53156)
- xsk: fix OOB map writes when deleting elements (CVE-2024-56614)
- hv_sock: Initializing vsk->trans to NULL to prevent a...

7.8 CVSS · 7.3 AI score · 0.03301 EPSS
Exploits: 2 · References: 1

SUSE CVE
added 2025/02/14 6:30 a.m. · 0 views

SUSE CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

9.8 CVSS · 7 AI score · 0.0094 EPSS
Exploits: 0 · References: 8

RedhatCVE
added 2025/02/14 5:23 a.m. · 10 views

CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with ...

6.5 CVSS · 6.7 AI score · 0.00589 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/14 12:19 a.m. · 10 views

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

5.9 CVSS · 7.9 AI score · 0.00688 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2025/02/13 2:42 a.m. · 24 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8 CVSS · 7.5 AI score · 0.00298 EPSS
Exploits: 0 · References: 8

OpenVAS
added 2025/02/13 12:0 a.m. · 10 views

Mageia: Security Advisory (MGASA-2025-0058)

The remote host is missing an update for the...

4.3 CVSS · 3.7 AI score · 0.01905 EPSS
Exploits: 1 · References: 4