19 matches found
CVE-2026-6493
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...
CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting
A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...
Joomla HikaShop Cross-Site Scripting Vulnerability
Joomla HikaShop is an open-source e-commerce website building and online store management extension developed by HikaShop. Version 4.7.4 of Joomla HikaShop contains a cross-site scripting vulnerability, which stems from improper handling of GET parameters. This vulnerability may lead to...
EUVD-2024-37545
Malicious code in bioql PyPI...
WordPress WP ULike plugin <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion vulnerability
Cross-Site Request Forgery to Statistic Deletion vulnerability discovered by Bilal Chawich Duke in WordPress Plugin WP ULike versions <= 4.7.4...
WordPress Moloni plugin <= 4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Moloni versions <= 4.7.4...
WordPress plugin AI Infographic Maker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15177 · WordPress · The Author Box
Name of the Vulnerable Software and Affected Versions: The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress versions up to, and including, 4.7.4 Description: The issue allows unauthenticated attackers to extract sensitive data, including post author emails an...
SUSE CVE-2019-10195
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...
WordPress Video Embed & Thumbnail Generator plugin < 4.7.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Video Embed & Thumbnail Generator plugin versions < 4.7.4. Solution: Update the WordPress Video Embed & Thumbnail Generator plugin to the latest available version (at least 4.7.4)...
CVE-2021-4134
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...
WordPress Filebird plugin 4.7.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ravi Chandra in WordPress Filebird plugin version 4.7.3. Solution: Update the WordPress Filebird plugin to the latest available version (at least 4.7.4)...
PYSEC-2019-168
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...
openSUSE Security Update : xen (openSUSE-2017-1322)
This update for xen to version 4.7.4 bsc1027519 fixes several issues. This new feature was added : - Support migration of HVM domains larger than 1 TB These security issues were fixed : - bsc1068187: Failure to recognize errors in the Populate on Demand PoD code allowed for DoS XSA-246 -...
Security update for xen (important)
This update for xen to version 4.7.4 bsc1027519 fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc1068187: Failure to recognize errors in the Populate on Demand PoD code allowed for DoS XSA-246 - bsc1068191...
SUSE-SU-2017:3178-1 Security update for xen
This update for xen to version 4.7.4 bsc1027519 fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc1068187: Failure to recognize errors in the Populate on Demand PoD code allowed for DoS XSA-246 - bsc1068191...
WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Linux
WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...
Light Alloy 4.7.3 (.m3u) - SEH Buffer Overflow (Unicode)
No description provided by source. !/usr/bin/perl Exploit Title: Light Alloy 4.7.3 .m3u - SEH Buffer Overflow Unicode Date: 11-18-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: Light Alloy v4.7.3 Vendor Site: http://www.light-alloy.ru/ Vulnerable Software Link:...
Gentoo Security Advisory GLSA 201206-02 (qt-gui)
The remote host is missing updates announced in advisory GLSA 201206-02. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...