Lucene search

23 matches found

NVD
added 2025/10/28 8:15 p.m. · 1 views

CVE-2025-62367

Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0...

4.8 CVSS · 0.00023 EPSS
Exploits 0 · References 1

Cvelist
added 2025/10/28 8:8 p.m. · 7 views

CVE-2025-62368 Taiga Authenticated Remote Code Execution

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0...

9 CVSS · 0.6408 EPSS
Exploits 2 · References 1

CVE
added 2025/10/28 8:6 p.m. · 5 views

CVE-2025-62367

Taiga (open source project management platform) – CVE-2025-62367 affects Taiga API in versions 6.8.3 and earlier, where a time-based blind SQL injection can disclose sensitive data via response timing. Root cause: improper handling of API input enabling blind SQL injection. Impact: potential expo...

4.8 CVSS · 7.2 AI score · 0.00023 EPSS
Exploits 0 · References 1

NVD
added 2025/10/16 10:15 a.m. · 2 views

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

9.2 CVSS · 0.00108 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-35500

Malicious code in bioql PyPI...

7.3 CVSS · 6.6 AI score · 0.00096 EPSS
Exploits 0 · References 1

QT
added 2025/06/13 12:0 a.m. · 8 views

Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This has been assigned the CVE id CVE-2025-5991. Affected versions: Qt version 6.9.0. This is fixed in 6.9.1. Impact: This only affects HTTP/2 handling, HTTP handling is not affected by this at all...

5.5 CVSS · 4.3 AI score · 0.00169 EPSS
Exploits 0

Vulnrichment
added 2025/06/11 7:33 a.m. · 5 views

CVE-2025-5991 Use after free in QHttp2ProtocolHandler

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

2.1 CVSS · 7.1 AI score · 0.00084 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/04/16 12:0 a.m. · 5 views

Fedora 41 : php-tcpdf (2025-85549e07c8)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-85549e07c8 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...

5.7 AI score
Exploits 0 · References 1

Cvelist
added 2025/01/23 11:13 a.m. · 15 views

CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4 CVSS · 0.0026 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/26 12:0 a.m. · 2 views

PT-2024-16491 · Woocommerce · Booking & Appointment Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booking & Appointment Plugin for WooCommerce version 6.9.0 and earlier Description: The issue is related to a missing capability check in the save google calendar data function, allowing authenticated attackers with subscriber-level permissio...

8.8 CVSS · 6.8 AI score · 0.0028 EPSS
Exploits 0 · References 7

Patchstack
added 2024/11/25 12:0 a.m. · 5 views

WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control

Software: Booking & Appointment Plugin for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.9.0; Fixed in: 6.10.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10729; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PS...

8.8 CVSS · 6.8 AI score · 0.0028 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/05/13 12:0 a.m. · 2 views

PT-2024-28075

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9.0-rc6 Description: The issue arises from the reinitialization of the whole EST structure, which resets the mutex lock embedded in the EST structure and triggers a warning. To address this, the lock is moved to...

5.5 CVSS · 5.4 AI score · 0.00019 EPSS
Exploits 0

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-22067 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress versions up to, and including, 6.9.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient...

6.4 CVSS · 7.9 AI score · 0.00196 EPSS
Exploits 0 · References 4

Patchstack
added 2024/03/28 12:0 a.m. · 8 views

WordPress GamiPress Plugin <= 6.9.0 is vulnerable to Cross Site Scripting (XSS)

Software: GamiPress; Type: Plugin; Vulnerable versions: <= 6.9.0; Fixed in: 6.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2783; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 8fbfaab2d300; Credits: Krzysztof Zając; Required...

6.4 CVSS · 5.8 AI score · 0.00196 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/07/12 12:0 a.m. · 2 views

Druva Operating System Command Injection Vulnerability

Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. Druva version 6.9.0 suffers from an operating system command injection vulnerability that originates from allowing an...

7.8 CVSS · 7.9 AI score · 0.01071 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/07/11 12:0 a.m. · 4 views

PT-2022-10532 · Druva · Druva

Name of the Vulnerable Software and Affected Versions: Druva version 6.9.0 Description: An issue in Druva for MacOS allows attackers to gain escalated local privileges via the inSyncDecommission. Recommendations: For Druva version 6.9.0, at the moment, there is no information about a newer versio...

7.8 CVSS · 7.6 AI score · 0.00051 EPSS
Exploits 1 · References 4

CNNVD
added 2022/03/14 12:0 a.m. · 3 views

WordPress plugin WPCargo Track & Trace Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

9.8 CVSS · 8.6 AI score · 0.91581 EPSS
Exploits 3 · References 2

OpenVAS
added 2021/06/09 12:0 a.m. · 10 views

SUSE: Security Advisory (SUSE-SU-2019:2081-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.7 AI score · 0.00406 EPSS
Exploits 0 · References 2

NVD
added 2020/04/16 7:15 p.m. · 14 views

CVE-2020-7110

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...

4.8 CVSS · 6.1 AI score · 0.00328 EPSS
Exploits 0 · References 1

OSV
added 2020/04/16 7:15 p.m. · 1 views

CVE-2020-7111

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...

7.2 CVSS · 7.2 AI score
Exploits 0 · References 1