
14 matches found

EUVD
added 2026/02/04 8:48 p.m., 7 views

EUVD-2026-5345

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

CVSS 5.1, AI score 5.3, EPSS 0.00343
Exploits 0, References 6
Positive Technologies
added 2026/02/03 12:0 a.m., 6 views

PT-2026-6307

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 6.3.6; Wagtail versions prior to 7.0.4; Wagtail versions prior to 7.1.3; Wagtail versions prior to 7.2.2; Wagtail versions prior to 7.3. Description: Wagtail, an open source content management system built on Django, contai...

CVSS 5.1, AI score 5.3, EPSS 0.00343
Exploits 0, References 24
Vulnrichment
added 2025/09/22 6:24 p.m., 1 views

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays allows DOM-Based XSS. This issue affects Photo Gallery by Ays: from n/a through 6.3.6...

CVSS 6.5, AI score 6, EPSS 0.00258
Exploits 0, References 1
CNNVD
added 2025/09/22 12:0 a.m., 1 views

WordPress plugin Photo Gallery by Ays cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5, AI score 5.7, EPSS 0.00258
Exploits 0, References 1
Prion
added 2023/02/16 7:15 p.m., 14 views

Path traversal

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests...

CVSS 4, AI score 6.2, EPSS 0.00558
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2023/02/16 6:5 p.m., 8 views

CVE-2023-23784

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests...

CVSS 5.7, AI score 6.4, EPSS 0.00558
Exploits 0, References 1
Vulnrichment
added 2023/02/16 6:5 p.m., 15 views

CVE-2023-23780

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests...

CVSS 8, AI score 7.6, EPSS 0.00792
Exploits 0, References 1
OpenVAS
added 2016/09/19 12:0 a.m., 27 views

Splunk Enterprise 6.2.x < 6.2.11, 6.3.x < 6.3.6, 6.4.x < 6.4.2 Open Redirect Vulnerability

Splunk Enterprise is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...

CVSS 6.1, AI score 6.6, EPSS 0.00812
Exploits 0, References 1
OpenVAS
added 2016/09/19 12:0 a.m., 53 views

Splunk Enterprise Multiple OpenSSL Vulnerabilities (SP-CAAAPQM)

Splunk Enterprise is prone to multiple OpenSSL vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; i...

CVSS 10, AI score 8.9, EPSS 0.89058
Exploits 7, References 1
CNVD
added 2015/11/05 12:0 a.m., 1 views

IBM Tivoli Storage Manager elevation of privilege vulnerability (CNVD-2015-07342)

IBM Tivoli Storage Manager is an American IBM data protection platform that provides organizations with a single point of control and management for storage management needs. An elevation of privilege vulnerability exists in IBM Tivoli Storage Manager version 6.3 prior to 6.3.6 and version 7.1...

CVSS 7.2, AI score 7, EPSS 0.00386
Exploits 0, References 1
OpenVAS
added 2009/02/27 12:0 a.m., 28 views

Fedora Update for fetchmail FEDORA-2007-041

Check for the Version of fetchmail OpenVAS Vulnerability Test Fedora Update for fetchmail FEDORA-2007-041 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 7.8, AI score 7.5, EPSS 0.04255
Exploits 0, References 2
RedHat Linux
added 2007/01/31 5:20 p.m., 3 views

fetchmail not enforcing TLS for POP3 properly

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks...

CVSS 7.8, AI score 5.8, EPSS 0.04255
Exploits 0, References 4
ALT Linux
added 2007/01/08 12:0 a.m., 32 views

Security fix for the ALT Linux 6 package fetchmail version 6.3.6-alt1

Jan. 8, 2007 Michael Shigorin 6.3.6-alt1
- 6.3.6: minor security update CVE-2006-5867, CVE-2006-5974
- replaced Debian menufile with Freedesktop one
- spec macro abuse cleanup
- NB: added Packager: but I don't use fetchmail for quite a while...

CVSS 7.8, AI score 6.1, EPSS 0.04255
Exploits 0
UbuntuCve
added 2006/12/31 5:0 a.m., 30 views

CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks...

CVSS 7.8, AI score 5.9, EPSS 0.04255
Exploits 0, References 2