73 matches found
Astra Linux - vulnerability in ansible
Ansible-playbook -k and Ansible CLI tools, all versions up to 2.8.4; all versions of 2.7.x up to 2.7.13; and all versions of 2.6.x up to 2.6.19. Prompt passwords should be expanded from templates, as these templates may contain special characters. Passwords should be wrapped to prevent triggering...
CVE-2026-1305 Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
CVE-2024-2946
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization...
EUVD-2023-0221
Malicious code in bioql PyPI...
EUVD-2023-27947
Malicious code in bioql PyPI...
EUVD-2025-19924
Malicious code in bioql PyPI...
Cross-Site Request Forgery (CSRF)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated,...
CVE-2025-8482
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2025-5570
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwaichatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin AI Engine cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2025-6238
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...
CVE-2025-6238
The CVE-2025-6238 case concerns the WordPress AI Engine plugin (v2.8.4) with an insecure OAuth implementation where the redirect_uri parameter lacks validation during the authorization flow. This open redirect could allow unauthenticated attackers to intercept the authorization code and obtain an...
CVE-2024-26557
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter...
CVE-2022-47167
Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions...
CVE-2025-31416
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through <= 2.8.4...
WordPress Awesome Event Booking plugin <= 2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 (Patchstack Alliance) in WordPress Plugin Awesome Event Booking versions <= 2.8.4...
Fedora 41 : caddy (2024-bd8fe42929)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd8fe42929 advisory. Automatic update for caddy-2.8.4-1.fc41. Changelog Fri Jul 5 2024 Carl George - 2.8.4-1 - Update to version 2.8.4 rhbz2278549 - Resolves...
openSUSE Security Advisory (openSUSE-SU-2024:0211-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : caddy (openSUSE-SU-2024:0211-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0211-1 advisory. Update to version 2.8.4: cmd: fix regression in auto-detect of Caddyfile 6362 Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped...