203 matches found
[SECURITY] [DLA 4591-1] rsync security update
Debian LTS Advisory DLA-4591-1 https://www.debian.org/lts/security/ Thorsten Alteholz May 20, 2026 https://wiki.debian.org/LTS ...
Astra Linux - vulnerability in xerces-c
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request...
EUVD-2026-23278
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption...
EUVD-2026-20266
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion. This issue affects Biolife: from n/a through <= 3.2.3...
EUVD-2026-20268
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Biolife: from n/a through <= 3.2.3...
PT-2026-31188
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion. This issue affects Biolife: from n/a through <= 3.2.3...
WordPress plugin Biolife security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-25390
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.3...
EUVD-2026-15705
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.3...
CVE-2026-25390
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.3...
CVE-2026-25390 WordPress New User Approve plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.3...
CVE-2026-27206
A flaw was found in zumba/json-serializer. A remote attacker can exploit a deserialization vulnerability by providing untrusted JSON input that leverages a special @type field to instantiate arbitrary classes. This can lead to PHP Object Injection, potentially allowing the attacker to achieve...
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Description The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...
CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005322)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005322 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Typ...
Nsasoft Nsauditor security vulnerabilities
Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Version Nsasoft Nsauditor 3.2.3 contains a security vulnerability. This vulnerability stems from a buffer overflow in the registration code input field, which could lead to a denial-of-service attack...
CVE-2021-47815 Nsauditor 3.2.3 - Denial of Service (PoC)
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash...
CVE-2024-34310
Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter...
PT-2026-20985
Name of the Vulnerable Software and Affected Versions Zumba Json Serializer versions 3.2.2 and below Description The Zumba Json Serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer instantiates any class specified...
CVE-2025-49041
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Get Cash: from n/a through <= 3.2.3...