Fedora 42 : apt / python-apt (2026-e0e9d0d54a)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-e0e9d0d54a advisory. Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a security issue in python-apt ---- Update to latest upstream release apt 3.1.15...

CVE-2022-26332

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

Linux Distros Unpatched Vulnerability : CVE-2019-3809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it shou...

PT-2025-16345

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 Description A command injection issue was discovered in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC. The issue occurs via the foldername in the...

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

jte 安全漏洞

jte Java Template Engine is a secure and fast template for Java and Kotlin by the individual developer Andreas Hager. A security vulnerability exists in jte 3.1.15 and earlier versions, which stems from improper escaping of backquotes in JavaScript template strings and is vulnerable to cross-site...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...

Netatalk < 3.1.15 RCE Vulnerability

Netatalk is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk...

Cross site scripting

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...

WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability found by Damian Ebelties in WordPress WooCommerce Product Feed plugin versions = 3.1.14. Solution Update the WordPress WooCommerce Product Feed plugin to the latest available version at least 3.1.15...

Moodle CMS <= 3.1.15 SSRF Vulnerability

Moodle CMS is prone to an SSRF vulnerability. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

Moodle server-side request forgery vulnerability (CNVD-2019-35807)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A server-side request forgery vulnerability exists in Moodle versions prior to 3.1.15, which can be exploited by attackers to bypass...

Moodle CMS < 3.6, 3.5.x < 3.5.3, 3.4.x < 3.4.6, 3.3.x < 3.3.9 and < 3.1.15 CSRF Vulnerability - Linux

Moodle CMS is prone to a login CSRF vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...

Moodle CMS < 3.6, 3.5.x < 3.5.3, 3.4.x < 3.4.6, 3.3.x < 3.3.9 and < 3.1.15 CSRF Vulnerability - Windows

Moodle CMS is prone to a login CSRF vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...

UBUNTU-CVE-2018-16854

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15...

CVE-2018-16854

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15...

2021-05 .NET Core 3.1.15 Security Update for x86 Client

2021-05 .NET Core 3.1.15 Security Update for x86 Client...