48 matches found
Astra Linux - vulnerability in node-tar
The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...
CVE-2026-32513
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection. This issue affects JS Archive List: from n/a through = 6.1.7...
EUVD-2024-28459
Malicious code in bioql PyPI...
CVE-2025-25289
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
CVE-2025-25289
CVE-2025-25289 describes a ReDoS vulnerability in the octokit request-error handling. Prior to v6.1.7, an authorization header containing a long sequence of spaces followed by a newline and “@” could cause exponential regular-expression processing, leading to high resource consumption and potenti...
PT-2024-13823 · Unknown · Awesome Support
Name of the Vulnerable Software and Affected Versions: Awesome Support versions through 6.1.7 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions through 6.1.7...
WordPress plugin Woo Manage Fraud Orders log information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A log information...
PT-2024-16358 · WordPress · Woo Manage Fraud Orders
Name of the Vulnerable Software and Affected Versions: Woo Manage Fraud Orders plugin for WordPress versions 6.1.7 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information about users contained in publicly exposed log files. This is possible du...
WordPress Woo Manage Fraud Orders plugin <= 6.1.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Woo Manage Fraud Orders versions <= 6.1.7...
WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. - A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. - A path traversal issue...
CVE-2024-35741
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7...
WordPress plugin Awesome Support security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2024-30539
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7...
WordPress plugin Awesome Support security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-23468 · Unknown · Awesome Support
Name of the Vulnerable Software and Affected Versions: Awesome Support versions 6.1.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in Awesome Support Team Awesome Support. Recommendations: For versions 6.1.7 and earlier, update to a version later than 6.1...
admin-console cross-site scripting vulnerability
admin-console is a Sequent open source Agora core view management interface. A cross-site scripting vulnerability exists in admin-console version 6.1.7 and earlier. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
BIT-ESPOCRM-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
WordPress Plugin Awesome Support Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-15675 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin
Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to a union-based SQL Injection vulnerability via the q parameter of the wpas get users actio...
GSD-2023-1002022 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...