CVE-2026-32612 Statamic: privilege escalation via stored cross-site scripting
Statamic is a Laravel- and Git-powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...
OPENSUSE-SU-2026:10116-1 python311-pypdf-6.6.2-1.1 on GA media
These are all security issues fixed in the python311-pypdf-6.6.2-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-24688
pypdf is a free and open-source pure-Python PDF library. An infinite loop vulnerability present in versions prior to 6.6.2 allows an attacker to craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...
pypdf has possible Infinite Loop when processing outlines/bookmarks
Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches: This has been fixed in pypdf 6.6.2. Workarounds: If projects cannot upgrade yet, consider applying the changes from PR 3610...
Rainbowfish RainbowFish PacsOne Server security vulnerability
Rainbowfish RainbowFish PacsOne Server is a picture archiving and communication system (PACS) server from Rainbow Software (Rainbowfish), USA. The system is used to store incoming images. A security vulnerability exists in Rainbowfish RainbowFish PacsOne Server version 6.6.2, which stems from a...
CVE-2024-30454
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS: from n/a through 6.6.2...
CVE-2024-45793
Confidant is an open-source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross-site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...
CVE-2025-39546
CVE-2025-39546 – A CSRF vulnerability in WordPress plugin ElementsReady Addons for Elementor affects versions up to and including 6.6.2. Descriptions from NVD, Red Hat, and Patchstack confirm the CSRF issue and the affected product/version range. Patchstack indicates the vulnerability has been pa...
Fedora 41 : mingw-qt6-qt3d / mingw-qt6-qt5compat / mingw-qt6-qtactiveqt / etc (2024-350e1aaa3c)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-350e1aaa3c advisory. Update to 6.6.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Prevent XSS from Confidant API call
Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1/credentials PUT /v1/credentials/ PUT /v1/credentials// GET /v1/services GET /v1/services/ GET...
PT-2024-31774 · Confidant · Confidant
Name of the Vulnerable Software and Affected Versions: Confidant versions prior to 6.6.2. Description: The issue is a cross-site scripting (XSS) vulnerability that affects various API endpoints in Confidant, an open-source secret management service. These endpoints include GET /v1/credentials, GET...
CVE-2024-25580 affecting package qtbase for versions less than 6.6.2-1
CVE-2024-25580 affecting package qtbase for versions less than 6.6.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-51714 affecting package qtbase for versions less than 6.6.2-1
CVE-2023-51714 affecting package qtbase for versions less than 6.6.2-1. An upgraded version of the package is available that resolves this issue...
DEBIAN-CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...
PT-2021-11868 · WordPress · Aam Advanced Access Manager
Name of the Vulnerable Software and Affected Versions: Advanced Access Manager plugin versions prior to 6.6.2. Description: The issue arises when the Advanced Access Manager plugin for WordPress displays the unfiltered user object, including all metadata, upon login via the REST API at endpoints...
Apache Solr 1.2.0 < 6.6.2 XML Entity Expansion
This vulnerability in Apache Solr 1.2 to 6.6.2 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server. Note that the scanner has not tested for these issues but has instead relied only on the application's...
GHSA-3PPH-2595-CGFH There is an XML external entity expansion (XXE) vulnerability in Apache Solr
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
Apache Solr 5.x < 5.5.5 / 6.x < 6.6.2 / 7.x < 7.1.0 Multiple Vulnerabilities
The version of Apache Solr running on the remote web server is affected by multiple vulnerabilities as referenced in the advisory...
Tenable Nessus Privilege Escalation Vulnerability
Tenable Nessus is prone to a local privilege escalation vulnerability...