OPENSUSE-SU-2026:10353-1 ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media

These are all security issues fixed in the ruby4.0-rubygem-loofah-2.23.1-1.5 package on the GA media of openSUSE Tumbleweed...

CVE-2026-24555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.2...

CVE-2026-24555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.2...

CVE-2026-24555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.1...

CVE-2026-24555

CVE-2026-24555 : WordPress ArtPlacer Widget (artplacer-widget) is affected by a stored XSS due to improper input handling in the package’s web page generation. Affected product/version: ArtPlacer Widget up to and including 2.23.1. Evidence from multiple sources confirms the vulnerability and the ...

WordPress plugin ArtPlacer Widget has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4397

Name of the Vulnerable Software and Affected Versions artplacer ArtPlacer Widget versions through 2.23.1 Description The ArtPlacer Widget contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This can potentially allow an...

WordPress ArtPlacer Widget plugin <= 2.23.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin ArtPlacer Widget versions = 2.23.1...

DEBIAN-CVE-2021-41737

In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...

SQL Injection in the KubeClarity REST API

Summary A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID Details As it can be seen here, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been...

CVE-2023-44260 WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin = 2.23.1 versions...

JVN#78253670: web2py development tool vulnerable to open redirect

The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Impact When using the tool, a web2py user may be redirected ...

Amazon Linux 2 : git (ALAS-2023-1943)

The version of git installed on the remote host is prior to 2.23.1-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1943 advisory. A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite...

WordPress plugin Easy Smooth Scroll Links跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Easy Smooth Scroll Links plugin version prior to 2.23.1 has a cross-site scripting vulnerability that stems from the plugin'...

GHSA-7QQV-R2Q4-JXHM privacyIDEA Improper Input Validation vulnerability

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

privacyIDEA Improper Input Validation vulnerability

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

Input validation

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

CVE-2018-1000809 affects privacyIDEA 2.23.1 and earlier, with an Improper Input Validation vulnerability in the token validation API that can cause Denial-of-Service. The issue is exploitable via an HTTP request to /validate/check with crafted user and pass parameters. Versions up to 2.23.1 are i...