26 matches found
Astra Linux - vulnerability in python-django
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was susceptible to a denial-of-service attack when used with very long strings...
SUSE CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
SUSE CVE-2026-33871
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...
EUVD-2023-2123
Malicious code in bioql PyPI...
PNETLab path traversal vulnerability
PNETLab is a platform from PNETLab Inc. that allows labs to be downloaded and shared with the community. A path traversal vulnerability exists in PNETLab version 4.2.10, which stems from improper user input cleanup in the file access mechanism and could lead to a directory traversal attack...
PT-2025-21644 · Pnetlab · Pnetlab
Name of the Vulnerable Software and Affected Versions: PNETLab version 4.2.10 Description: The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests...
CVE-2024-13489
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection Vulnerability
CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 5.6 AND error-bas...
CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress Passster plugin <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Passster versions <= 4.2.10...
CVE-2024-11282
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...
Access Control Bypass
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References -...
Django Security Vulnerabilities
Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. Django has a security vulnerability. An attacker exploited the vulnerability to cause a denial of...
PT-2023-25739 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: admidio/admidio versions prior to 4.2.10 Description: The issue concerns an unrestricted upload of files with dangerous types. This could potentially allow attackers to upload malicious files, posing a security risk. Recommendations: For...
Admidio v4.2.10 - Remote Code Execution Vulnerability
Exploit Title: Admidio v4.2.10 - Remote Code Execution (RCE) Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
Design/Logic Flaw
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated...
CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on the processAction...
PT-2022-27024 · Suse +1 · Release-Notes-Susemanager +5
Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39 SUSE Manager Server 4.2 release-notes-susemanager versions prio...
PT-2022-16392 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 3.7.6 through 3.7.24 Stormshield Network Security SNS versions 3.8.x through 3.11.x before 3.11.13 Stormshield Network Security SNS versions 4.x before 4.2.10 Stormshield Network Security SNS versions...
samba4 security and bug fix update
4.2.10-9 - resolves: 1405358 - CVE-2016-2125 CVE-2016-2126 4.2.10-8 - Synchronize patches for Samba 4.2.10 with RHEL 7.2.z - Resolves: 1383685 - Update samba4 to be on par with RHEL 7.2.z...