KLA91056 DoS vulnerabilities in Wireshark
Denial of service vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in Wireshark dissector can be exploited remotely to cause denial of service. 2...
Fedora 44 : dnsdist (2026-519446405a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-519446405a advisory. Update to latest upstream. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
DeepL Chrome browser extension vulnerable to cross-site scripting
Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...
baserCMS is Vulnerable to Cross-site Scripting
baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS. Please refer to the following page for more...
baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious SQL may be executed in blog posts. Countermeasures Update to the latest version of baserCMS. Please refer to the following page for more information...
ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...
Advisory ROSA-SA-2026-3176
Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 unaffected versions = modauthopenidc-2.4.9.4-8.rv30 affected versions modauthopenidc-2.4.9.4-8.rv30 CVE-ID: CVE-2025-3891 BDU-ID: 2025-10948 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for...
PT-2026-7328
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.99.14 Frappe versions prior to 15.94.0 Description A crafted malicious signup URL for a Frappe site could lead to an open redirect or reflected cross-site scripting XSS, depending on the crafted payload, when a user...
Siemens SINEC NMS
SUMMARY Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow a low-privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected...
Adobe Commerce - Authentication Bypass
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high...
WP-Polls 2.73 Cross Site Scripting
A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...
Siemens TeleControl Server Basic
SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...
CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
PT-2026-2125
Name of the Vulnerable Software and Affected Versions rsa crate versions prior to 0.9.10 Description The rsa crate, an RSA implementation written in Rust, experiences a panic instead of returning an error during the creation of an RSA private key from its components when one of the prime numbers ...
KLA90683 DoS vulnerability in Wireshark
Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-07 · HTTP3 dissector crash Exploitation Public exploits exist for this vulnerability. Related products Wireshark CVE list...
KLA90684 DoS vulnerability in Wireshark
Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-05 · BPv7 dissector crash Related products Wireshark CVE list CVE-2025-13674 high Solution Update to the latest version Download...
KLA90685 DoS vulnerability in Wireshark
Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-06 · Kafka dissector crash Related products Wireshark CVE list CVE-2025-13499 high Solution Update to the latest version Download...
PT-2025-47296
Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description An issue exists in WinPlus that allows for the upload of dangerous file types. An attacker can upload a 'webshell' by sending a POST request to the '/WinplusPortal/ws/sWinplus.svc/json/uploadfile' endpoin...
PT-2025-44522
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 have a command injection issue in the WinRM plugin. A lack of proper validation of user-supplied parameters allows an authenticated administrator to inject shell...
PT-2025-44362
Name of the Vulnerable Software and Affected Versions Drupal Simple OAuth OAuth2 & OpenID Connect versions 6.0.0 through 6.0.6 Description A flaw exists in Simple OAuth OAuth2 & OpenID Connect that permits authentication bypass. This issue allows bypassing normal authentication mechanisms through...