
42 matches found

Patchstack
added 2026/03/30 1:11 p.m. · 2 views

WordPress Ultimate Member plugin <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability

Authenticated Contributor+ Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability discovered by HDH - FPT Software in WordPress Plugin Ultimate Member versions <= 2.11.2...

CVSS 8 · AI score 5.9 · EPSS 0.0004
Exploits 0 · References 1 · Affected Software 1
SUSE CVE
added 2026/03/10 12:24 a.m. · 1 view

SUSE CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 · AI score 5.7 · EPSS 0.00021
Exploits 1 · References 4
NVD
added 2026/03/07 5:15 p.m. · 3 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8 · EPSS 0.00023
Exploits 1 · References 4
OSV
added 2026/03/07 5:15 p.m. · 1 view

UBUNTU-CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 · AI score 5.7 · EPSS 0.00021
Exploits 1 · References 5
Debian CVE
added 2026/03/07 4:28 p.m. · 2 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8 · AI score 7.7 · EPSS 0.00023
Exploits 1
AlpineLinux
added 2026/03/07 4:28 p.m. · 2 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8 · AI score 5.7 · EPSS 0.00023
Exploits 1
Debian CVE
added 2026/03/07 4:28 p.m. · 3 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 · AI score 7.7 · EPSS 0.00021
Exploits 1
OSV
added 2026/03/07 4:28 p.m. · 0 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9 · AI score 5.7 · EPSS 0.00021
Exploits 1 · References 5
Snyk
added 2026/03/06 11:40 p.m. · 0 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the vars_regexp matcher. An attacker can access sensitive environment variables, file contents, or system information by injecting specially crafted placeholders such as env. or file. into HTTP request headers, which...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits 1 · References 2
Snyk
added 2026/03/06 11:40 p.m. · 0 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the vars_regexp matcher. An attacker can access sensitive environment variables, file contents, or system information by injecting specially crafted placeholders such as env. or file. into HTTP request headers, which...

CVSS 7.5 · AI score 5.8 · EPSS 0.00021
Exploits 1 · References 2
OSV
added 2026/02/24 5:29 p.m. · 0 views

AZL-78374 CVE-2026-27571 affecting package telegraf 1.31.0-12

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 1
AlpineLinux
added 2026/02/24 3:59 p.m. · 4 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 4
Positive Technologies
added 2026/01/01 12:00 a.m. · 5 views

PT-2026-21766

Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.2; NATS-Server versions prior to 2.12.3. Description: NATS-Server, a high-performance messaging system, has an issue in its WebSocket implementation. The server handles compressed messages via WebSocket negotiat...

CVSS 9.9 · AI score 5.9 · EPSS 0.00733
Exploits 44 · References 127
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-0309

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.6 · EPSS 0.00261
Exploits 1 · References 9
Tenable Nessus
added 2025/09/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-6446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. CVE-2017-6446 Note that Nessus relie...

CVSS 6.1 · AI score 6.1 · EPSS 0.0024
Exploits 0 · References 2
Positive Technologies
added 2025/08/08 12:00 a.m. · 3 views

PT-2025-32403 · Cuteflow · Cuteflow

Name of the Vulnerable Software and Affected Versions: CuteFlow versions 2.11.2 and earlier. Description: CuteFlow versions 2.11.2 and earlier contain an arbitrary file upload issue in the restart_circulation_values_write.php script. The application does not validate or restrict uploaded file type...

CVSS 9.3 · AI score 7.8 · EPSS 0.6565
Exploits 0 · References 8
CNNVD
added 2025/08/08 12:00 a.m. · 2 views

CuteFlow security vulnerability

CuteFlow is a web-based document flow and workflow tool from CuteFlow, Inc. A security vulnerability exists in CuteFlow 2.11.2 and earlier versions, which stems from the restart_circulation_values_write.php script not validating the file type, which could lead to arbitrary file uploads and...

CVSS 9.3 · AI score 7.8 · EPSS 0.6565
Exploits 0 · References 9
CVE
added 2025/07/23 8:38 p.m. · 15 views

CVE-2025-32019

Harbor (the open source cloud-native registry) contains a stored XSS vulnerability in the markdown field of the info tab. Affected versions are 2.11.2 and earlier, and 2.12.0-rc1 and 2.13.0-rc1. The issue is fixed in Harbor 2.11.3 and 2.12.3. Existence and details are supported by multiple source...

CVSS 4.1 · AI score 5.5 · EPSS 0.0016
Exploits 0 · References 4
Positive Technologies
added 2025/02/14 12:00 a.m. · 1 view

PT-2025-6604 · WordPress · Hurrytimer

Name of the Vulnerable Software and Affected Versions: HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin versions up to, and including, 2.11.2. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVSS 6.4 · AI score 7.9 · EPSS 0.00204
Exploits 0 · References 11
OSV
added 2024/09/18 6:15 a.m. · 0 views

CVE-2024-45366

Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 2