CVE-2026-41143

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the formatDataBeforeSave process. An attacker can execute arbitrary SQL commands by supplying crafted input to the idfiche parameter, which is concatenated directly into a SQL query without sanitization. Remediation...

Wireshark Security Update (wnpa-sec-2025-07) - Mac OS x

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

OPENSUSE-SU-2025:15769-1 libwireshark19-4.6.1-1.1 on GA media

These are all security issues fixed in the libwireshark19-4.6.1-1.1 package on the GA media of openSUSE Tumbleweed...

Wireshark Security Update (wnpa-sec-2025-05) - Linux

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

EUVD-2015-9292

Malware in sbrugna...

EUVD-2017-9639

Malware in sbrugna...

EUVD-2022-31736

Malicious code in bioql PyPI...

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2024-5627

The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

CVE-2025-4594

The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2023-43962

Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...

CVE-2021-30636

In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc...

WordPress plugin WP Helper Premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-32600 WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through = 4.7.0...

PT-2024-13150 · Xunruicms · Xunruicms

Name of the Vulnerable Software and Affected Versions: Xunrui CMS Public Edition version 4.6.1 Description: The issue allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. This is a Cross Site Scripting vulnerability. Recommendations: For...

WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata in WordPress Plugin WP Helper Premium versions = 4.6.1...