Async Http Client 安全漏洞

Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...

OPENSUSE-SU-2026:10213-1 libxml2-16-2.14.5-4.1 on GA media

These are all security issues fixed in the libxml2-16-2.14.5-4.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10085-1 libxml2-16-2.14.5-2.1 on GA media

These are all security issues fixed in the libxml2-16-2.14.5-2.1 package on the GA media of openSUSE Tumbleweed...

Security update for icinga2 (important)

openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2025:0457-1 Rating: important References: 1084909 1233310 Cross-References: CVE-2024-49369 CVSS scores: CVE-2024-49369 SUSE: 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Affected Products:...

EUVD-2025-24001

Malicious code in bioql PyPI...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. An attacker can access sensitive information by triggering a specially crafted input that causes the process to read beyond the intended memory boundaries. Remediation Upgrade libxml2 to version 2.14.5 or higher...

CVE-2024-8860

The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction, tforderstatuseditfunction, tforderbulkactioneditfunction,...

PT-2025-34747 · WordPress · Tourfic

Name of the Vulnerable Software and Affected Versions: Tourfic plugin for WordPress versions up to and including 2.14.5 Description: The Tourfic plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the following functions: tf order status emai...

CVE-2025-8732

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

libxml2 安全漏洞

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.14.5 and earlier, which stems from an uncontrolled recursion problem...

CVE-2024-13562

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...

PT-2025-2219 · WordPress · Import Wp

Name of the Vulnerable Software and Affected Versions: Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress versions up to, and including, 2.14.5 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the...

WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Import WP -...

Updated webkit2 packages fix security vulnerabilities

The webkit2 package has been updated to version 2.14.5, fixing several security issues and other bugs...

CVE-2016-4806

Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files...

CVE-2016-4808

Web2py versions 2.14.5 and below was affected by CSRF Cross Site Request Forgery vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim...

web2py local file inclusion vulnerability

web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . A local file inclusion vulnerability exists in the 'file' parameter in web2py version 2.14.5. An attacker can exploit this vulnerability by sending a...

web2py cross-site scripting vulnerability (CNVD-2016-03331)

web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . A cross-site scripting vulnerability exists in web2py version 2.14.5. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...