
39 matches found

RedHat Linux
added 2026/05/06 3:56 p.m., 13 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl: openssl-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-config-fips-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-devel-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-devel-engine-3.5.6-0.3.hum1 (aarch64, x86_64)...

CVSS 7.5 | AI score 5.8 | EPSS 0.0014
Exploits 0 | References 3

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2407

Name of the Vulnerable Software and Affected Versions: TeamSpeak version 3.5.6. Description: TeamSpeak 3.5.6 has a file permissions issue that allows local attackers to replace executable files with malicious binaries. An attacker can replace system executables, such as ts3client_win32.exe, with...

CVSS 8.5 | AI score 6.3 | EPSS 0.00017
Exploits 1 | References 8

RedhatCVE
added 2026/01/08 3:15 a.m., 12 views

CVE-2024-14020

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

CVSS 5 | AI score 6.6 | EPSS 0.00011
Exploits 0 | References 1

OSV
added 2026/01/07 12:31 p.m., 2 views

GHSA-6RCW-WW3X-XQWM carbone Code Injection vulnerability

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

CVSS 5 | AI score 4.8 | EPSS 0.00011
Exploits 0 | References 6

NVD
added 2026/01/07 12:16 p.m., 1 view

CVE-2024-14020

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

CVSS 5 | EPSS 0.00011
Exploits 0 | References 5

Vulnrichment
added 2026/01/07 12:2 a.m., 3 views

CVE-2024-14020 carboneio carbone Formatter input.js prototype pollution

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

CVSS 5 | AI score 6.3 | EPSS 0.00011
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-15487

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 8.8 | EPSS 0.00179
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 9:18 p.m., 15 views

CVE-2021-32735

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component (used in the pages and files section, for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can...

CVSS 7.1 | AI score 5.6 | EPSS 0.00383
Exploits 0 | References 1

Vulnrichment
added 2025/05/16 3:45 p.m., 6 views

CVE-2025-32307 WordPress Chameleon HTML5 Audio Player With/Without Playlist <= 3.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through 3.5.6...

CVSS 8.5 | AI score 7.6 | EPSS 0.00179
Exploits 0 | References 1

CNNVD
added 2025/05/16 12:0 a.m., 1 view

WordPress plugin Chameleon HTML5 Audio Player With/Without Playlist SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.5 | AI score 9 | EPSS 0.00179
Exploits 0 | References 3

CNNVD
added 2025/01/09 12:0 a.m., 1 view

WordPress plugin Product Table for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVSS 7.1 | AI score 7.8 | EPSS 0.00152
Exploits 0 | References 1

CNNVD
added 2024/12/16 12:0 a.m., 2 views

WordPress plugin Dreamfox Media Payment gateway per Product for Woocommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 6.1 | AI score 8.5 | EPSS 0.00234
Exploits 0 | References 1

Patchstack
added 2024/12/14 8:49 p.m., 2 views

WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Dreamfox Media Payment gateway per Product for Woocommerce versions <= 3.5.6...

CVSS 6.1 | AI score 7 | EPSS 0.00234
Exploits 0 | Affected Software 1

Patchstack
added 2024/11/21 12:0 a.m., 8 views

WordPress WPFunnels Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software: WPFunnels; Type: Plugin; Vulnerable versions: <= 3.5.5; Fixed in: 3.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10792; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: WPFunnels Team; PSID: b1c17399226b; Credits: Nathan calysteon; Require...

CVSS 6.1 | AI score 5.7 | EPSS 0.01481
Exploits 0 | References 3 | Affected Software 1

CBLMariner
added 2024/03/19 5:21 p.m., 28 views

CVE-2023-44487 affecting package etcd for versions less than 3.5.6-11

CVE-2023-44487 affecting package etcd for versions less than 3.5.6-11. A patched version of the package is available...

CVSS 7.5 | AI score 8.9 | EPSS 0.9439
Exploits 19

Patchstack
added 2023/07/19 12:0 a.m., 5 views

WordPress Image Photo Gallery Final Tiles Grid Plugin <= 3.5.6 is vulnerable to Cross Site Scripting (XSS)

Software: Image Photo Gallery Final Tiles Grid; Type: Plugin; Vulnerable versions: <= 3.5.6; Fixed in: 3.5.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 37480a127ac6; Credits: Rafie Muhammad...

AI score 5.9 | EPSS 0.00209
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m., 13 views

WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software: WP Content Copy Protection & No Right Click; Type: Plugin; Vulnerable versions: <= 3.5.5; Fixed in: 3.5.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-36678; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 91b64bb0fc8d; Credits: LEE SE...

CVSS 5.9 | AI score 6.5 | EPSS 0.0008
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2021/09/27 12:0 a.m., 3 views

WordPress Plugin SQL Injection Vulnerability

WordPress Plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin Podlove Podcast Publisher, which stems from the fact that versions of the Podlove Podcast Publisher WordPress plugin prior to version 3.5.6 include a "Social and...

CVSS 9.8 | AI score 8.5 | EPSS 0.86005
Exploits 2 | References 3

OSV
added 2021/07/31 11:3 a.m., 3 views

OESA-2021-1292 mybatis security update

The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using an XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...

CVSS 8.1 | AI score 7.5 | EPSS 0.0115
Exploits 0 | References 2

Cvelist
added 2021/05/27 6:46 p.m., 16 views

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...

AI score 6.8 | EPSS 0.00038
Exploits 0 | References 1