PT-2026-47001

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutl...

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.44, 3.6.15, and 3.7.0-rc.3. These vulnerabilities stem from the errors middleware module, which forwards the entire set of request headers including...

Traefik < 2.11.44 / 3.x < 3.6.15 Information Disclosure (GHSA-p6hg-qh38-555r)

The version of Traefik installed on the remote macOS host is prior to 2.11.44 or 3.x prior to 3.6.15. It is, therefore, affected by an information disclosure vulnerability: - Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service. CVE-2026-41181 Note...

PT-2026-37371

These are all security issues fixed in the traefik-3.6.15-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-0927

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

PT-2025-51402

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

EUVD-2025-28167

Malicious code in bioql PyPI...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through = 3.6.15...

CVE-2025-54744

CVE-2025-54744 refers to the WordPress MasterStudy LMS plugin (versions through 3.6.15) with a Missing Authorization/broken access control flaw. Public sources (Patchstack, CVE listings, Red Hat/RH, CVE-List) identify the root cause as incorrectly configured access control, enabling unauthorized ...

PT-2025-36249

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS versions through 3.6.15 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update MasterStudy LMS to a version later than 3.6.15...

WordPress plugin MasterStudy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

phpList < 3.6.16 XSS Vulnerability

phpList is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; i...

Design/Logic Flaw

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file...

CVE-2022-44583

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

PT-2022-27257 · Unknown · Watchtowerhq

Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin versions 3.6.15 and earlier Description: The issue concerns an Unauth. Arbitrary File Deletion vulnerability. This vulnerability allows for unauthorized deletion of files. Recommendations: For WatchTowerHQ plugin versions...

Security fix for the ALT Linux 10 package gnutls30 version 3.6.15-alt2

March 22, 2021 Mikhail Efremov 3.6.15-alt2 - Fixed gnulib tests. - Fixed CVE-2021-20231, CVE-2021-20232 fixes: CVE-2021-20231, CVE-2021-20232. - Fixed testpkcs11. - Dropped self-provide from devel subpackage...

PT-2020-10893 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.1 MongoDB Server versions prior to 4.0.13 MongoDB Server versions prior to 3.6.15 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...