CVE-2026-7179

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...

CVE-2026-25355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through 2.4.3...

CVE-2025-67964

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through = 2.4.3...

CVE-2026-24379

CVE-2026-24379 : The WP Job Portal plugin for WordPress (WP Job Portal, plugin slug wp-job-portal) has an insecure direct object reference (IDOR) vulnerability in versions up to and including 2.4.3. The issue is described as an authorization bypass via a user-controlled key, allowing improper acc...

PT-2026-4264

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...

PT-2026-28365

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending a "NOOP ..." command with a large number of parentheses e.g., 4000 open and close can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...

CVE-2025-13183 Stored XSS in Hotech's Otello

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4...

CVE-2025-13183 Stored XSS in Hotech's Otello

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4...

Hotech Otello 跨站脚本漏洞

Hotech Otello is a hospitality management cloud platform from Hotech Turkey. A cross-site scripting vulnerability exists in Hotech Otello versions 2.4.0 through prior to 2.4.4, which stems from improper input neutralization during web page generation and could lead to a stored cross-site scriptin...

CVE-2025-67965

CVE-2025-67965 : WordPress plugin Homey Core (favethemes) is affected up to version 2.4.3. The issue is Missing Authorization / Broken Access Control, allowing unauthorized access due to incorrectly configured access control levels. The advisory in connected sources indicates the CVE is publicly ...

EUVD-2025-203246

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-67590

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

WordPress plugin Ultimate FAQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-60204

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through = 2.4.3...

PT-2025-45277

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through = 2.4.3...

Fedora 42 : openbao (2025-4bf7795b4e)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4bf7795b4e advisory. Update to upstream 2.4.3, including fixes for CVE-2025-62513 and CVE-2025-62705. Tenable has extracted the preceding description block directly from...

CVE-2025-61136

A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's urlforexternal=True generates reset links without a fixed SERVERNAM...

JLSEC-2025-48 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

RTSPtoWeb 安全漏洞

RTSPtoWeb is an RTSP to Web converter by the individual developer Andrey Semochkin. A security vulnerability exists in RTSPtoWeb version 2.4.3, which stems from the lack of an authentication mechanism and could lead to the disclosure of sensitive information and the execution of arbitrary code...