295 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987104 advisory. In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfptunneladdsharedmac idasimpleget returns an id between min...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987205)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987205 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect flwalk with rcu Patch that refactored flwalk to use...
EUVD-2022-24456
Malicious code in bioql PyPI...
EUVD-2023-39785
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-30034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then acce...
net/sched: flower: Fix chain template offload
...
Linux Distros Unpatched Vulnerability : CVE-2021-47402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect flwalk with rcu Patch that refactored flwalk to use...
Linux Distros Unpatched Vulnerability : CVE-2023-35788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in flsetgeneveopt in net/sched/clsflower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier...
Linux Distros Unpatched Vulnerability : CVE-2021-47592
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- ...
Malicious code in celery-flower (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6475 Malicious code in celery-flower (PyPI)
--- -= Per source details. Do not edit below this line.=-...
kernel: net/sched: flower: Fix chain template offload
In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload The Linux kernel CVE team has assigned CVE-2024-26669 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040237-CVE-2024-26669-ca3c@gregkh/T...
CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
CVE-2024-11769
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-11769
CVE-2024-11769 – Flower Delivery by Florist One (WordPress) has a stored XSS vulnerability in the Flower Delivery shortcode (flower-delivery). According to connected sources, all versions up to and including 3.9 are affected due to insufficient input sanitization and output escaping on user-suppl...
CVE-2024-11769 Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
WordPress plugin Flower Delivery by Florist One 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2024-17245 · WordPress · The Flower Delivery By Florist One
Name of the Vulnerable Software and Affected Versions: Flower Delivery by Florist One plugin for WordPress versions up to and including 3.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode due to insufficient input sanitization and outp...
WordPress Flower Delivery by Florist One plugin <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Flower Delivery by Florist One versions = 3.9...