24 matches found
GHSA-WQCR-7RF3-F64M Singularity: Incorrect path matching for 'limit container paths' directive
Impact The limit container paths directive in singularity.conf is intended to allow a system administrator to limit the paths from which containers can be run under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...
CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
EUVD-2024-2279
Malicious code in bioql PyPI...
WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress theme Constructo versions <= 4.3.9...
CVE-2025-58244 WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo (constructo) allows Object Injection. This issue affects Constructo: from n/a through 4.3.9...
CVE-2025-58244
CVE-2025-58244 (Constructo) is a CSRF-related vulnerability in the Constructo WordPress theme that, per the referenced documents, allows object injection. Affected versions run through 4.3.9. The CVE description and related references (including Wordfence summaries) confirm ...
PT-2025-38908
Name of the Vulnerable Software and Affected Versions: Anps Constructo versions through 4.3.9 Description: Anps Constructo is susceptible to a Cross-Site Request Forgery (CSRF) issue that can lead to Object Injection. This allows an attacker to potentially manipulate the application by exploiting the...
CVE-2024-37906
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the...
CVE-2025-3907
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9...
PT-2025-17661 · Drupal · Drupal Search Api Solr
Name of the Vulnerable Software and Affected Versions: Drupal Search API Solr versions 0.0.0 through 4.3.8 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another...
WordPress plugin WP Social Feed Gallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-28577 · WordPress · Wp Social Feed Gallery
Name of the Vulnerable Software and Affected Versions: WP Social Feed Gallery versions through 4.3.9 Description: The issue is a Missing Authorization vulnerability, which allows an attacker to exploit incorrectly configured access-control levels. Recommendations: For versions through...
PT-2024-32960 · Unknown · Cm Tooltip Glossary
Name of the Vulnerable Software and Affected Versions: CM Tooltip Glossary versions through 4.3.9 Description: The issue is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
CVE-2023-34092
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, the Vite server option server.fs.deny can be bypassed using a double forward slash (//), allowing any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...
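The Singularity entry above (sibling directories with similar names pass a 'limit container paths' check) and this Vite entry (server.fs.deny bypassed with a double slash) are the same bug class from two sides: a path is compared as a string instead of being canonicalised and matched on a directory boundary. The Go program below is an added illustration of that class and is not code from either project; the allow-list, deny list, root directory and request paths are constructed for the example, and the "buggy" functions model the behaviour the entries describe rather than the projects' real code.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// canonical lexically normalises a request path: it collapses repeated
// slashes (so "//.env" becomes "/.env"), drops "." segments and resolves
// ".." segments. path.Clean (not path/filepath) keeps the result
// independent of the host OS.
func canonical(p string) string {
	return path.Clean("/" + p)
}

// insideDir reports whether the canonical path p is dir itself or lies
// below it. A separator is appended to dir before the prefix test so that
// a sibling such as "/scratch/containers-evil" does not count as being
// inside "/scratch/containers".
func insideDir(dir, p string) bool {
	dir = path.Clean(dir)
	if p == dir {
		return true
	}
	return strings.HasPrefix(p, strings.TrimSuffix(dir, "/")+"/")
}

// allowedPrefix models the allow-list bug described in the Singularity
// entry (hypothetical, not the project's code): a bare string-prefix
// comparison, so a sibling directory whose name merely starts with an
// allowed path is accepted.
func allowedPrefix(allowed []string, p string) bool {
	p = canonical(p)
	for _, a := range allowed {
		if strings.HasPrefix(p, path.Clean(a)) {
			return true
		}
	}
	return false
}

// allowedFixed accepts only paths at or below an allowed directory.
func allowedFixed(allowed []string, p string) bool {
	p = canonical(p)
	for _, a := range allowed {
		if insideDir(a, p) {
			return true
		}
	}
	return false
}

// deniedRaw models the deny-list bug described in the Vite entry
// (hypothetical, not the project's code): the request path is compared
// with the deny list as received, so "//.env" (which the filesystem
// resolves to the same file as "/.env") never equals ".env" and slips through.
func deniedRaw(deny []string, reqPath string) bool {
	rel := strings.TrimPrefix(reqPath, "/")
	for _, d := range deny {
		if rel == d {
			return true
		}
	}
	return false
}

// deniedFixed canonicalises the full path first, refuses anything that
// escaped the served root, and only then compares the root-relative path
// with the deny list.
func deniedFixed(root string, deny []string, reqPath string) bool {
	root = path.Clean(root)
	full := canonical(root + "/" + reqPath)
	if !insideDir(root, full) {
		return true // ".." escaped the root: treat as denied
	}
	rel := strings.TrimPrefix(strings.TrimPrefix(full, root), "/")
	for _, d := range deny {
		if rel == d {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample inputs for the example.
	allowed := []string{"/scratch/containers"}
	for _, p := range []string{"/scratch/containers/a.sif", "/scratch/containers-evil/a.sif"} {
		fmt.Printf("%-32s prefix=%-5v fixed=%v\n", p, allowedPrefix(allowed, p), allowedFixed(allowed, p))
	}
	deny := []string{".env"}
	for _, r := range []string{"/.env", "//.env", "/../etc/passwd"} {
		fmt.Printf("%-32s raw=%-5v fixed=%v\n", r, deniedRaw(deny, r), deniedFixed("/srv/app", deny, r))
	}
}
```

The normalisation here is purely lexical. For a setuid checker like the one the Singularity entry describes, the real path should also be resolved (for example with filepath.EvalSymlinks) before the boundary check, otherwise a symlink inside an allowed directory can point anywhere; that step is outside what this example shows.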
CVE-2023-23878 WordPress WP Google Map Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions...
WordPress plugin Google Maps – WP MAPS cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
USN-2950-3 samba regressions
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were adde...
Fortinet FortiMail < 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3 XSS
The remote host is running a version of FortiMail that is prior to 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3. It is, therefore, affected by a cross-site scripting vulnerability in the web GUI due to improper input validation within the Web Action Quarantine Release feature, specifically for the 'release'...
PHPHoo3 < 5.2.6 - 'viewCat' SQL Injection
Viva IslaM Viva IslaM Remote SQL injection Vulnerability phpHoo3 V 4.4.8 - 4.3.9 - 4.3.10 - 5.2.6 - phpHoo3.php viewCat AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRiAN Arab HACkErS -: Exploites for versions :- V4.4.8...