20 matches found
CVE-2026-48217
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...
CVE-2026-44068
CVE-2026-44068 affects Netatalk 2.1.0–4.4.2. The issue is an incomplete sanitization of extended attribute (EA) path components, enabling path traversal. A fix is available in Netatalk 4.4.3 (and later). The NVD entry notes a CVSSv3.1 base score of 7.6 (HIGH) with network vector, low attack compl...
Netatalk security vulnerability
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a confusion between UCS-2 typ...
CVE-2026-35008
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...
CVE-2026-35007
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in singleunit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a maliciou...
CVE-2025-13079
CVE-2025-13079 concerns the WordPress plugin “Popup Builder” (versions
vCluster Platform security vulnerabilities
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Vulnerabilities existed in versions prior to vCluster Platform 4.6.0, 4.5.4, 4.4.2, and 4.3.10. These vulnerabilities were due to a potential bypass of range restrictions, which could lead to access to resources th...
Form.io information disclosure vulnerability
Form.io is a combined forms and API platform for serverless applications from US-based Form.io. An information disclosure vulnerability exists in Form.io versions prior to 3.5.6 and 4.0.0-rc.1 through 4.4.2, which stems from a flaw in path handling that could lead an attacker to access a protecte...
JLSEC-2025-119 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729...
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse in libavcodec/g729_parser.c when processing a specially crafted file...
CVE-2024-1985
The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2022-44211
creationtimestamp | type | source
---|---|---
2025-04-24 18:06:52+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13303...
WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin WPC Grouped Product for WooCommerce versions <= 4.4.2...
BleachBit Code Issue Vulnerability
BleachBit is a free open source disk space cleaner, privacy manager and computer system optimizer from BleachBit Open Source. A code issue vulnerability exists in BleachBit 4.4.2 and prior versions that stems from the presence of a dynamic link library (DLL) hijacking vulnerability...
SUSE CVE-2006-1549
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected...
PT-2022-6814 · Unknown +1 · Openimageio +1
Name of the Vulnerable Software and Affected Versions: OpenImageIO version 2.4.4.2 Description: Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This issue arises when the...
UBUNTU-CVE-2022-1475
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse in libavcodec/g729_parser.c when processing a specially crafted file...
PT-2022-13915 · FFmpeg +3 · Ffmpeg +3
Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2 FFmpeg versions prior to 5.0.1 Description: An integer overflow issue was discovered in the g729_parse function located in libavcodec/g729_parser.c when handling a specially crafted file. This issue can be...
PT-2020-19852 · Mongodb · Mongodb Ops Manager
Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions prior to and including 4.2.17 MongoDB Ops Manager versions prior to and including 4.3.9 MongoDB Ops Manager versions prior to and including 4.4.2 Description: Specially crafted API calls may allow an authenticated...
PT-2016-4081 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.4.2 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This occurs when a crafted application does not supply a key, related ...
Sierra Wireless ALEOS Administrator Access Gain Vulnerability
Founded in 1993 in Canada, Sierra Wireless provides hardware, software, and services in the wireless marketplace, delivering innovative, reliable, and high-performance solutions to its customers. ALEOS is the application framework... A security vulnerability in Sierra Wireless ALEOS versions prior...