30 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in cups

Due to a failure in validating the length provided by a PPD PostScript document crafted by an attacker, CUPS and libppd are vulnerable to a heap-based buffer overflow, potentially leading to code execution. This issue has been fixed in CUPS version 2.4.7, released in September 2023...

CVSS 7 | AI score 7.2 | EPSS 0.00035
Exploits: 2 | References: 2

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11835

Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7...

AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-4221

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion. This issue affects Triply: from n/a through <= 2.4.7...

AI score 5.5 | EPSS 0.0022
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/29 9:15 p.m. | 2 views

CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetBlog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetBlog: from n/a through 2.4.7...

CVSS 6.5 | AI score 6.6 | EPSS 0.00038
Exploits: 0 | References: 1

NVD
added 2025/12/18 8:15 a.m. | 2 views

CVE-2025-49914

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data. This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7...

CVSS 6.5 | EPSS 0.00041
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/29 1:14 a.m. | 6 views

CVE-2025-66036 Retro is vulnerable to XSS vulnerability in input handling component

Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7...

CVSS 6.1 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 1

Cvelist
added 2025/11/29 1:14 a.m. | 7 views

CVE-2025-66036 Retro is vulnerable to XSS vulnerability in input handling component

Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7...

CVSS 6.1 | EPSS 0.00024
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/29 12:0 a.m. | 3 views

PT-2025-48354

Name of the Vulnerable Software and Affected Versions: Retro versions prior to 2.4.7 Description: Retro, an online platform for vintage collections, has a cross-site scripting (XSS) issue in the input handling component. This allows for potential malicious code execution through crafted input...

CVSS 6.1 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/09 3:57 a.m. | 4 views

CVE-2025-12064

The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 5.6 | EPSS 0.00114
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 = 18.2 but prior to 21.1.0, 20.0.6...

CVSS 9.8 | AI score 8.2 | EPSS 0.00475
Exploits: 1 | References: 2

CNNVD
added 2025/02/06 12:0 a.m. | 2 views

Tiny File Manager cross-site scripting vulnerability

Tiny File Manager is a web-based open source file manager from the individual developer Prasath Mani. A security vulnerability exists in Tiny File Manager version v2.4.7 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code by injecting a specially crafted...

CVSS 4.8 | AI score 7.4 | EPSS 0.00229
Exploits: 1 | References: 3

OSV
added 2025/01/27 3:15 p.m. | 1 view

CVE-2025-24680

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7...

CVSS 6.1 | AI score 7.3 | EPSS 0.00183
Exploits: 0 | References: 1

Patchstack
added 2025/01/27 4:43 a.m. | 2 views

WordPress WP Multi Store Locator Plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin WP Multistore Locator versions <= 2.4.7...

CVSS 7.1 | AI score 6.1 | EPSS 0.00183
Exploits: 0 | Affected Software: 1

CNNVD
added 2024/10/02 12:0 a.m. | 3 views

Jenkins security vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.478 and earlier and LTS 2.462.2 and earlier, which stems from a failed...

CVSS 4.3 | AI score 6.6 | EPSS 0.00448
Exploits: 0 | References: 5

Patchstack
added 2024/08/22 12:38 a.m. | 4 views

WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Responsive Lightbox versions <= 2.4.7...

CVSS 6.4 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/08/14 12:35 p.m. | 2 views

GHSA-8W5F-8992-G86J Magento Improper Authorization vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...

CVSS 4.3 | AI score 6.6 | EPSS 0.00306
Exploits: 0 | References: 3

Patchstack
added 2024/07/22 11:59 a.m. | 3 views

WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin AI Engine versions <= 2.4.7...

CVSS 7.1 | AI score 7 | EPSS 0.006
Exploits: 0 | Affected Software: 1

CNNVD
added 2024/06/14 12:0 a.m. | 3 views

WordPress plugin WP Prayer II security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.1 | AI score 6.7 | EPSS 0.00098
Exploits: 2 | References: 2

Positive Technologies
added 2024/06/11 12:0 a.m. | 2 views

PT-2024-4142 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier Description: The issue is related to insufficient access control in Adobe Commerce, allowing a remote attacker to bypass existing security restrictions. This could result...

CVSS 9.8 | AI score 6.8 | EPSS 0.00729
Exploits: 0 | References: 14

Patchstack
added 2024/04/22 1:23 p.m. | 2 views

WordPress HT Mega plugin <= 2.4.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin HT Mega versions <= 2.4.7...

CVSS 6.5 | AI score 7 | EPSS 0.03747
Exploits: 0 | Affected Software: 1