
18 matches found

Tenable Nessus
added 2026/05/14 12:0 a.m. · 3 views

Amazon Linux 2 : xdg-desktop-portal, --advisory ALAS2-2026-3298 (ALAS-2026-3298)

The version of xdg-desktop-portal installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3298 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host...

CVSS 6.3 · AI score 5.8 · EPSS 0.00019
Exploits: 0 · References: 4

RustSec
added 2026/05/07 12:0 p.m. · 5 views

`Program<System>` accepts arbitrary executable programs

Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...

CVSS 8.2 · AI score 5.8 · EPSS 0.00048
Exploits: 0 · Affected Software: 1

Snyk
added 2025/10/13 7:59 p.m. · 1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...

CVSS 7.5 · AI score 6.7 · EPSS 0.00565
Exploits: 1 · References: 2

OSV
added 2025/09/09 8:44 p.m. · 1 views

GHSA-455V-W7R9-3VV9 Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity

Overview A security review of the Cattown identified multiple weaknesses that could potentially impact its stability and security. Affected Versions - All versions below 1.0.2 Description of Vulnerabilities 1. CWE-1333: Inefficient Regular Expression Complexity The package used regular expression...

CVSS 8.7 · AI score 7.3 · EPSS 0.00143
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 9:34 a.m. · 2 views

CVE-2015-10093

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function userrowactions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can b...

CVSS 5.4 · AI score 6.2 · EPSS 0.00216
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:5 a.m. · 2 views

CVE-2014-125091

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

CVSS 9.8 · AI score 8.3 · EPSS 0.00815
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/14 12:0 a.m. · 1 views

PT-2024-35213 · Cmsminds · Cmsminds Boat Rental Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: cmsMinds Boat Rental Plugin for WordPress versions 1.0.1 and earlier Description: The issue allows malicious file uploads, posing a risk of web server compromise. This can enable an attacker to upload a web shell to a web server...

CVSS 10 · AI score 9.5 · EPSS 0.00888
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/06 12:0 a.m. · 2 views

PT-2024-20539 · Galette · Galette

Name of the Vulnerable Software and Affected Versions: Galette versions 1.0.0 through 1.0.1 Description: Galette is a membership management web application for non-profit organizations. By default, public pages are restricted to only administrators and staff members in versions prior to 1.0.2...

CVSS 7.5 · AI score 7.2 · EPSS 0.00157
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/05 12:0 a.m. · 3 views

PT-2023-10290 · WordPress · Wooframework Branding Plugin

Name of the Vulnerable Software and Affected Versions: WooFramework Branding Plugin versions up to 1.0.1 Description: A problematic vulnerability has been found in the WooFramework Branding Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-branding.ph...

CVSS 6.1 · AI score 7.1 · EPSS 0.00111
Exploits: 0 · References: 5

Positive Technologies
added 2023/03/04 12:0 a.m. · 2 views

PT-2023-10159 · Codepeople · Codepeople Cp-Polls Plugin

Name of the Vulnerable Software and Affected Versions: codepeople cp-polls Plugin version 1.0.1 Description: A critical issue has been found in the codepeople cp-polls Plugin, affecting unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the lu argument leads to sql...

CVSS 9.8 · AI score 7.9 · EPSS 0.00815
Exploits: 0 · References: 9

Positive Technologies
added 2023/02/12 12:0 a.m. · 1 views

PT-2023-10257 · Atwellpub · Atwellpub Resend Welcome Email Plugin

Name of the Vulnerable Software and Affected Versions: atwellpub Resend Welcome Email Plugin version 1.0.1 Description: A problematic issue has been found in the atwellpub Resend Welcome Email Plugin, affecting the send welcome email url function of the file resend-welcome-email.php. This issue...

CVSS 6.1 · AI score 6.6 · EPSS 0.003
Exploits: 0 · References: 6

OSV
added 2022/11/10 8:15 p.m. · 0 views

UBUNTU-CVE-2022-39393

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

CVSS 8.6 · AI score 5.7 · EPSS 0.00333
Exploits: 0 · References: 4

OSV
added 2022/06/27 9:15 p.m. · 1 views

UBUNTU-CVE-2022-31082

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks...

CVSS 9.8 · AI score 5.8 · EPSS 0.00282
Exploits: 0 · References: 4

Snyk
added 2021/02/23 6:1 p.m. · 1 views

Arbitrary Command Injection

Overview: killport is a nodejs module to kill any process based on its port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00759
Exploits: 1 · References: 2

Positive Technologies
added 2020/03/25 12:0 a.m. · 2 views

PT-2020-2660 · Jenkins · Jenkins Azure Container Service Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure Container Service Plugin versions 1.0.1 and earlier Description: The issue is related to the YAML parser in the Jenkins Azure Container Service Plugin, which does not properly configure to prevent the instantiation of arbitrary...

CVSS 9 · AI score 8.8 · EPSS 0.00654
Exploits: 0 · References: 8

Positive Technologies
added 2018/11/06 12:0 a.m. · 1 views

PT-2018-13595 · Npm · Cached-Path-Relative

Name of the Vulnerable Software and Affected Versions: cached-path-relative versions =1.0.1 Description: A prototype pollution attack allows an attacker to inject properties on Object.prototype, which are then inherited by all the JS objects through the prototype chain, causing a Denial of Servic...

CVSS 9.8 · AI score 6.1 · EPSS 0.00648
Exploits: 1 · References: 21

Elastic
added 2017/09/12 6:20 p.m. · 3 views

Elastic Cloud Enterprise 1.0.2 security update

Elastic Cloud Enterprise unsecured communication (ESA-2017-13): The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 does not properly encrypt traffic to ZooKeeper. If an attacker is able to man-in-the-middle (MITM) the traffic between the client-forwarder and ZooKeeper they could...

CVSS 5.9 · AI score 6.7 · EPSS 0.00121
Exploits: 0

Exploit DB
added 2011/03/06 12:0 a.m. · 26 views

Quick Polls - Local File Inclusion / Deletion

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...

CVSS 5.8 · AI score 6.5 · EPSS 0.06305
Exploits: 6