
34 matches found

Snyk
added 2026/05/07 9:34 p.m. · 3 views

Improper Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 3

EUVD
added 2026/03/27 6:31 p.m. · 1 view

EUVD-2025-209102

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

CVSS 6.9 · AI score 5.9 · EPSS 0.00075
Exploits: 1 · References: 3

NVD
added 2026/03/27 5:16 p.m. · 1 view

CVE-2025-15615

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

CVSS 7.5 · EPSS 0.00075
Exploits: 1 · References: 2

NVD
added 2026/03/27 4:16 p.m. · 1 view

CVE-2026-32983

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

CVSS 7.5 · EPSS 0.00162
Exploits: 0 · References: 2

CVE
added 2026/03/27 3:44 p.m. · 8 views

CVE-2026-32983

The CVE-2026-32983 entry concerns Wazuh Manager’s authd service in wazuh-manager packages up to version 4.7.3. The vulnerability arises from an improper restriction on client-initiated SSL/TLS renegotiation, allowing remote attackers to induce a denial of service by sending excessive renegotiatio...

CVSS 7.5 · AI score 5.9 · EPSS 0.00162
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2026/01/09 9:29 a.m. · 2 views

CVE-2023-50876

Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Molongui: from n/a through 4.7.3...

CVSS 4.3 · AI score 8.5 · EPSS 0.0019
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2017-15871

Malware in sbrugna...

CVSS 5.4 · AI score 5.8 · EPSS 0.06131
Exploits: 0 · References: 11

Tenable Nessus
added 2025/08/27 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

CVSS 8.8 · AI score 8 · EPSS 0.0053
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-6814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist...

CVSS 5.4 · AI score 5.9 · EPSS 0.02424
Exploits: 1 · References: 2

Cvelist
added 2025/03/15 9:57 p.m. · 12 views

CVE-2025-26886 WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors publishpress-authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through <= 4.7.3...

CVSS 7.6 · EPSS 0.00058
Exploits: 0 · References: 1

Patchstack
added 2025/03/03 1:33 p.m. · 2 views

WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Webula Patchstack Alliance in WordPress Plugin PublishPress Authors versions <= 4.7.3...

CVSS 7.6 · AI score 8.1 · EPSS 0.00058
Exploits: 0 · Affected Software: 1

CNNVD
added 2024/08/18 12:0 a.m. · 2 views

WordPress plugin Button contact VR cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVSS 5.9 · AI score 5.8 · EPSS 0.00108
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/18 12:0 a.m. · 2 views

PT-2024-30514 · Unknown · Virustran Button Contact Vr

Name of the Vulnerable Software and Affected Versions: VirusTran Button contact VR versions 4.7.3 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS (Cross-site Scripting) attacks. This means an attacker could...

CVSS 5.9 · AI score 5.7 · EPSS 0.00108
Exploits: 0 · References: 7

Patchstack
added 2024/07/16 12:37 a.m. · 2 views

WordPress XCloner plugin <= 4.7.3 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin XCloner versions <= 4.7.3...

CVSS 5.3 · AI score 7 · EPSS 0.00485
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/04/25 12:0 a.m. · 2 views

WordPress theme UDesign cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme UDesign version 4.7.3 and prior versions, whic...

CVSS 7.1 · AI score 6.1 · EPSS 0.00186
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/25 12:0 a.m. · 3 views

PT-2024-29031 · Andondesign · Udesign

Name of the Vulnerable Software and Affected Versions: AndonDesign UDesign versions n/a through 4.7.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00186
Exploits: 0 · References: 3

IBM Security Bulletins
added 2023/09/29 8:59 p.m. · 42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Golang Go [CVE-2023-29402]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Golang Go, caused by the generation of unexpected code at build time when using cgo (CVE-2023-29402). Golang Go is included as part of the operators used by our Speech Services. This...

CVSS 9.8 · AI score 9.8 · EPSS 0.00125
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2023/05/17 12:0 a.m. · 3 views

PT-2023-17224 · Canon · Canon Ij Network Tool +1

Name of the Vulnerable Software and Affected Versions: Canon IJ Network Tool versions 4.7.5 and earlier; IJ Network Tool versions 4.7.3 and earlier. Description: The issue allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the...

CVSS 6.5 · AI score 6.3 · EPSS 0.00086
Exploits: 0 · References: 4

Github Security Blog
added 2023/03/23 8:0 p.m. · 25 views

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

Impact: There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS. Target: baserCMS 4.7.3 and earlier versions. Patches: Update to the latest version of baserCMS. Credits: 島峰泰平@三井物産セキュアディレクション株式会社...

CVSS 9.8 · AI score 9.2 · EPSS 0.02083
Exploits: 0 · References: 7 · Affected Software: 1

Positive Technologies
added 2022/09/23 12:0 a.m. · 3 views

PT-2022-21153 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 3.18.6; Rocket.Chat versions prior to 4.4.4; Rocket.Chat versions prior to 4.7.3. Description: A SQL injection issue exists, allowing an attacker to retrieve a reset password token or a 2fa secret. Recommendations:...

CVSS 8.8 · AI score 9.1 · EPSS 0.0053
Exploits: 1 · References: 4