
14 matches found

Patchstack
added 2025/11/26 6:41 a.m. · 10 views

WordPress CIBELES AI plugin <= 1.10.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin CIBELES AI versions <= 1.10.8...

CVSS 9.8 · AI score 7 · EPSS 0.00618
Exploits 3 · References 1 · Affected Software 1
Cvelist
added 2025/11/25 10:28 p.m. · 11 views

CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVSS 9.8 · EPSS 0.00618
Exploits 3 · References 5
OSV
added 2025/06/03 6:16 p.m. · 3 views

CVE-2025-48950 MaxKB Python Sandbox Bypass in Function Library

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori...

CVSS 6.5 · AI score 6.9 · EPSS 0.0047
Exploits 1 · References 6
OSV
added 2024/04/12 11:7 a.m. · 1 views

OESA-2024-1426 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...

CVSS 10 · AI score 6.8 · EPSS 0.00698
Exploits 0 · References 3
VulnCheck KEV
added 2023/12/04 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-39026

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...

CVSS 7.5 · AI score 7.1 · EPSS 0.83949
Exploits 4 · References 1
CNNVD
added 2023/08/22 12:0 a.m. · 2 views

FileMage Path Traversal Vulnerability

FileMage is a software solution for file transfer and data management. A security vulnerability exists in FileMage Gateway v.1.10.8 and earlier versions, which stems from a directory traversal vulnerability that allows remote attackers to obtain sensitive information via a crafted request...

CVSS 7.5 · AI score 7.3 · EPSS 0.83949
Exploits 4 · References 5
Positive Technologies
added 2022/02/24 12:0 a.m. · 3 views

PT-2022-16801 · Hashicorp +2 · Ingress Gateway +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.8.0 through 1.9.14 HashiCorp Consul and Consul Enterprise version 1.10.7 HashiCorp Consul and Consul Enterprise version 1.11.2 Description: The issue allows a user with service:write permissio...

CVSS 8.8 · AI score 5.8 · EPSS 0.87755
Exploits 3 · References 44
OpenVAS
added 2022/01/28 12:0 a.m. · 20 views

Mageia: Security Advisory (MGASA-2020-0237)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.3 · AI score 7.4 · EPSS 0.00037
Exploits 0 · References 5
OSV
added 2020/08/31 10:42 p.m. · 1 views

GHSA-4MV4-GMMF-Q382 DataTable Vulnerable to Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation: Update to a version greater than 1.10.8. A fix appears in...

CVSS 4.3 · AI score 7.2 · EPSS 0.00244
Exploits 2 · References 11
Mageia
added 2020/05/27 6:17 p.m. · 45 views

Updated ant packages fix security vulnerability

Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...

CVSS 6.3 · AI score 1.2 · EPSS 0.00037
Exploits 0 · References 3
Oracle linux
added 2019/08/19 12:0 a.m. · 77 views

docker-engine security update

18.03.1.ol-0.0.15 - cherry-picked fix for CVE-2018-15664 from upstream 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 18.03.1.ol-0.0.12 - correct the version string of containerd 18.03.1.ol-0.0.11 - update runc for CVE-2019-5736 18.03.1.ol-0.0.10 - update Go to version...

CVSS 9.3 · AI score 2 · EPSS 0.59178
Exploits 34
Oracle linux
added 2019/02/11 12:0 a.m. · 85 views

runc security update

1.0.0-19.rc5.git4bb1fe4.0.3.el7 - Apply patch for CVE-2019-5736 Wiekus Beukes 1.0.0-19.rc5.git4bb1fe4.0.2.el7 - update Go version to 1.10.8, fix version string Laszlo Laca Peter 1.0.0-19.rc5.git4bb1fe4.0.1.el7 - Tuning .spec file 2:1.0.0-19.rc5.git4bb1fe4 - release v1.0.0rc5...

CVSS 9.3 · AI score 0.4 · EPSS 0.59178
Exploits 33
Cvelist
added 2019/01/24 5:0 a.m. · 22 views

CVE-2019-6486

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks...

AI score 8 · EPSS 0.00598
Exploits 0 · References 12
Debian
added 2016/05/02 1:2 p.m. · 25 views

[SECURITY] [DSA 3565-1] botan1.10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3565-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 02, 2016 https://www.debian.org/security/faq -...

CVSS 10 · AI score 9.8 · EPSS 0.10565
Exploits 0