17 matches found
CVE-2026-9228
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Important: cups
Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside...
EUVD-2026-18999
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...
CVE-2026-3666 wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...
PT-2026-30347
Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions up to and including 2.4.16 Description The wpForo Forum plugin for WordPress is susceptible to arbitrary file deletion due to a missing file name/path validation against path traversal sequences...
EUVD-2026-18885
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...
CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...
openSUSE 16 Security Update : cups (openSUSE-SU-2026:20172-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20172-1 advisory. Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. ...
OPENSUSE-SU-2026:10088-1 cups-2.4.16-1.1 on GA media
These are all security issues fixed in the cups-2.4.16-1.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] Fedora 42 Update: cups-2.4.16-4.fc42
CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...
Fedora 42 : cups (2025-c09b980696)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c09b980696 advisory. fix possible issue reported by OSH ---- 2.4.16 fedora2417970 rebuild due binutils bug fedora2418285 fix division by zero crash in pstops fedora24153...
Sulu HTML Injection via Autocomplete Suggestion
Impact It is an issue when HTML is input into the Tag name. The HTML is executed when the tag name is listed in the autocomplete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What versions should users upgrade to? The problem is patch...
OPENSUSE-SU-2019:1965-1 Security update for wireshark
This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash bsc1141980. This update was imported from the SUSE:SLE-15:Update update project...
SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2019:2104-1)
This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: CVE-2019-13619: ASN.1 BER and related dissectors crash bsc1141980. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
Fedora 22 : httpd-2.4.16-1.fc22 (2015-11689)
Update to new version 2.4.16. This update fixed various bugs as well as few security issues. For full changelog, see http://www.apache.org/dist/httpd/CHANGES2.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...