Astra Linux - уязвимость в ansible

Ansible-playbook -k and Ansible CLI tools, all versions up to 2.8.4; all versions of 2.7.x up to 2.7.13; and all versions of 2.6.x up to 2.6.19. Prompt passwords should be expanded from templates, as these templates may contain special characters. Passwords should be wrapped to prevent triggering...

CVE-2025-48065

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVE-2025-47932 Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...

EUVD-2025-50807

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

PT-2025-46182

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 Combodo iTop versions prior to 3.2.2 Description Combodo iTop is a web-based IT service management tool. An administrator can execute code on the server by editing the configuration of the iTop instance in...

Combodo iTop 跨站脚本漏洞

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

EUVD-2025-19262

Malicious code in bioql PyPI...

CVE-2025-32689

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

CVE-2025-32689 WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through = 2.8.2...

PT-2025-36757

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions n/a through 2.7.13 Description: An improper validation of the specified quantity in input exists in ThemesGrove WP SmartPay. Recommendations: Update WP SmartPay to a version later than 2.7.13...

TencentOS Server 2: python (TSSA-2025:0542)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0542 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVE-2025-25171

Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through = 2.7.13...

WordPress plugin WP SmartPay 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP SmartPay versions = 2.7.13...

BIT-DISCOURSE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

BIT-DISCOURSE-2022-21678 User's bio visible even if profile is restricted in Discourse

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

CVE-2023-6984

The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the...

PT-2022-15029 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.13 Discourse versions prior to 2.8.0.beta11 Description: A vulnerability has been discovered in Discourse where the group advanced search option does not respect the group's visibility and members visibility...

CVE-2022-21684 User can bypass approval when invited to Discourse

Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...

CVE-2022-21678

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...