10 matches found
CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
WordPress Display Eventbrite Events plugin <= 6.1.10 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Display Eventbrite Events versions <= 6.1.10...
EUVD-2025-93526
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially...
EUVD-2022-33585
Malicious code in bioql PyPI...
PT-2024-13794 · Unknown · Awesome Support
Name of the Vulnerable Software and Affected Versions: Awesome Support versions through 6.1.10 Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions through...
WordPress plugin Awesome Support security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2023-34966 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.1.10 Description: The issue is related to an out of bounds read warning in gcc-11. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to 6.1.10...
CVE-2022-29223 Buffer overflow on HUB descriptor in Azure RTOS USBX
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with bNbPorts set to a value greater than UX_MAX_TT which defaults to 8. For a bNbPorts value of...
UBUNTU-CVE-2017-3635
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/C. Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...
Liferay Portal 6.1.0 / 6.1.10 Arbitrary File Deletion
According to its self-reported version, the installation of Liferay Portal hosted on the remote web server is affected by an arbitrary file deletion vulnerability. A user who has permission to delete an attachment in the Wiki portlet can delete any arbitrary file on the server. Note that Nessus h...