[SECURITY] Fedora 42 Update: flatpak-1.16.6-1.fc42

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...

Fedora 42 : flatpak (2026-2a3e305ac4)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2a3e305ac4 advisory. Update to 1.16.6 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg Tenable has extracted the preceding descripti...

Fedora 43 : flatpak (2026-5286084b44)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5286084b44 advisory. Update to 1.16.6 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg Tenable has extracted the preceding descripti...

OPENSUSE-SU-2026:10541-1 flatpak-1.16.6-1.1 on GA media

These are all security issues fixed in the flatpak-1.16.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-67546

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...

CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...

CVE-2025-67546 WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through = 1.16.6...

WordPress plugin WP ERP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

Sandboxie 输入验证错误漏洞

Sandboxie is sandboxie-plus open source sandbox-based isolation software. An input validation error vulnerability exists in Sandboxie 1.16.6 and earlier versions, which stems from an unchecked overflow that could lead to a heap overflow and execution of arbitrary code...

WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin WP ERP versions = 1.16.6...

EUVD-2023-23577

Malicious code in bioql PyPI...

EUVD-2023-23575

Malicious code in bioql PyPI...

EUVD-2023-23574

Malicious code in bioql PyPI...

EUVD-2023-23578

Malicious code in bioql PyPI...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the storage of unencrypted API keys in config.xml files. An attacker can access sensitive information by obtaining Item/Extended Read permissions or direct access to the controller file...

CVE-2023-1319

Cross-site Scripting XSS - Stored in GitHub repository osticket/osticket prior to v1.16.6...

CVE-2023-1315

Cross-site Scripting XSS - Reflected in GitHub repository osticket/osticket prior to v1.16.6...

CVE-2023-1320

Cross-site Scripting XSS - Stored in GitHub repository osticket/osticket prior to v1.16.6...

WordPress Total Upkeep plugin <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings vulnerability

Authenticated Administrator+ Remote Code Execution via Backup Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Total Upkeep versions = 1.16.6...

PT-2024-39649 · WordPress · Total Upkeep

Name of the Vulnerable Software and Affected Versions: Total Upkeep – WordPress Backup Plugin plus Restore & Migrate versions up to 1.16.6 Description: The issue is related to the lack of input validation and sanitization, making it possible for authenticated attackers with Administrator-level...