CVE-2024-21840

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2...

CVE-2024-22250

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

ROS-20250109-04

Vulnerability of the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow An attacker acting remotely could execute arbitrary SQL code...

CVE-2025-22352 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows Blind SQL Injection.This issue affects ELEX...

PT-2025-1708 · WordPress · Geo Content

Name of the Vulnerable Software and Affected Versions: Geo Content plugin for WordPress versions up to and including 6.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the geotargetlygeocontent shortcode. This allows...

[SECURITY] Fedora 40 Update: ofono-2.14-1.fc40

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

PT-2025-25422

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw was found in GIMP, specifically an integer overflow vulnerability in the "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height,...

[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-base-1.24.10-1.fc41

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

[SECURITY] Fedora 41 Update: mingw-gstreamer1-1.24.10-1.fc41

GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plug-in-based architecture means that new data types...

[SECURITY] Fedora 41 Update: ofono-2.14-1.fc41

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

CVE-2024-55086

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery SSRF can be achieved in the plug-in download address in the backend management system...

Granular sudo Permissions for Installing Veeam Plug-ins for Enterprise Applications using Protection Groups

Challenge This article provides an example granular 'sudoer' configuration for the Linux account that will be used by Veeam Backup & Replication when installing Veeam Plug-Ins for Enterprise Applications using a Protection Group, specifically for Veeam Plug-in for Oracle RMAN and Veeam Plug-in fo...

WordPress plugin PayPal Brasil para WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

Unable to Interact with Some Hypervisors and Cloud Platforms

Veeam Backup & Replication 13.0.1 Upgrade Warning During the upgrade to Veeam Backup & Replication 13.0.1 or higher, the following warning may be displayed: Incompatible backup server certificate The certificate does not support child certificates creation and must be replaced for virtualization...

Intel QAT Engine for OpenSSL software Control Flow Management Insufficiency Vulnerability

The Intel QAT Engine for OpenSSL software is an open source software plug-in designed to accelerate OpenSSL cryptographic operations with Intel Quick Assist Technology QAT hardware. A control flow management deficiency vulnerability exists in Intel QAT Engine for OpenSSL software, which can be...

Release Information for Proxmox Virtual Environment Plug-In v12.1.1.1024

Requirements This update to the Proxmox Virtual Environment Plug-In for Veeam Backup & Replication requires: Veeam Backup & Replication build 12.2.0.334 You can check the build number in the Veeam Backup & Replication Console's Main Menu ≡ under Help About. Proxmox Virtual Environment Plug-In for...

Pandora FMS 路径遍历漏洞

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. through visualization. A security vulnerability exists in Pandora FMS versions 700 through prior to 777.3 that stems from a post-authentication arbitrary fi...

CVE-2024-9855

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...

CVE-2024-9855

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...

CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...