
17 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in python-django

In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...

CVSS 5.3 · AI score 6.8 · EPSS 0.00238
Exploits: 0 · References: 2

Patchstack
added 2026/02/03 12:40 p.m. · 4 views

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin DearFlip versions <= 2.2.26...

CVSS 5.4 · AI score 5.3 · EPSS 0.00294
Exploits: 0 · References: 1 · Affected Software: 1

Snyk
added 2025/12/30 4:44 p.m. · 2 views

Improper Encoding or Escaping of Output

Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output for certain ConsoleI...

CVSS 5.3 · AI score 7 · EPSS 0.00018
Exploits: 0 · References: 2

UbuntuCve
added 2025/12/30 4:15 p.m. · 3 views

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3 · AI score 5.9 · EPSS 0.00018
Exploits: 0 · References: 6

CNNVD
added 2025/12/30 12:0 a.m. · 3 views

Composer injection vulnerability

Composer is a Composer open source application. Provides a declaration, management and installation of PHP project dependencies. An injection vulnerability exists in Composer versions prior to 2.2.26 and prior to 2.9.3, which stems from the possibility that an attacker could inject ANSI control...

CVSS 5.3 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 5

RedhatCVE
added 2025/12/17 10:2 a.m. · 1 view

CVE-2025-66132

Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...

CVSS 5.3 · AI score 5.7 · EPSS 0.00041
Exploits: 0 · References: 1

EUVD
added 2025/12/16 9:31 a.m. · 1 view

EUVD-2025-203578

Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.26...

AI score 6.4 · EPSS 0.00041
Exploits: 0 · References: 2

NVD
added 2025/12/16 9:15 a.m. · 1 view

CVE-2025-66132

Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...

CVSS 5.3 · EPSS 0.00041
Exploits: 0 · References: 1

CVE
added 2025/12/16 8:12 a.m. · 3 views

CVE-2025-66132

CVE-2025-66132 affects FAPI Member (WordPress plugin) according to Wordfence vulnerability details. The issue is described as an Unauthenticated Insecure Direct Object Reference (IDOR) affecting FAPI Member, with affected software listed as FAPI Member and versions up to at least 2.2.29. The entr...

CVSS 5.3 · AI score 5.7 · EPSS 0.00041
Exploits: 0 · References: 1

Vulnrichment
added 2025/12/16 8:12 a.m. · 1 view

CVE-2025-66132 WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...

CVSS 5.3 · AI score 5.1 · EPSS 0.00041
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/16 12:0 a.m. · 1 view

PT-2025-51420

Name of the Vulnerable Software and Affected Versions: FAPI Member versions through 2.2.26 Description: An authorization bypass exists due to incorrectly configured access control security levels in FAPI Member. This allows exploitation through a user-controlled key. Recommendations: Update FAPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00041
Exploits: 0 · References: 3

Patchstack
added 2024/07/16 2:16 a.m. · 1 view

WordPress Glossary plugin <= 2.2.26 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Glossary versions <= 2.2.26...

CVSS 5.3 · AI score 7 · EPSS 0.00563
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 1 view

PT-2024-37726 · WordPress · Glossary Plugin

Name of the Vulnerable Software and Affected Versions: Glossary plugin for WordPress versions up to, and including, 2.2.26 Description: The issue is due to the plugin utilizing wpdesk and not preventing direct access to the test files, along with display errors being enabled. This allows...

CVSS 5.3 · AI score 6.7 · EPSS 0.00563
Exploits: 0 · References: 7

NVD
added 2024/03/27 1:15 p.m. · 8 views

CVE-2024-29807

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26...

CVSS 6.5 · AI score 6.4 · EPSS 0.00178
Exploits: 0 · References: 1

Patchstack
added 2024/03/25 12:0 a.m. · 10 views

WordPress DearFlip Plugin <= 2.2.26 is vulnerable to Cross Site Scripting (XSS)

Software: DearFlip; Type: Plugin; Vulnerable versions: <= 2.2.26; Fixed in: 2.2.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-29807; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 59b13b8a28ca; Credits: emad; Required privilege: Contributor; Publish...

CVSS 6.5 · AI score 6.9 · EPSS 0.00178
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/02/03 6:15 a.m. · 1 view

CVE-2024-0895

The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated...

CVSS 5.4 · AI score 7.4
Exploits: 0 · References: 3

PyPA
added 2022/01/05 12:15 a.m. · 4 views

PYSEC-2022-3

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it...

CVSS 5.3 · AI score 7 · EPSS 0.00238
Exploits: 0 · References: 4 · Affected Software: 1