OPENSUSE-SU-2026:10954-1 kernel-devel-7.0.11-1.1 on GA media
These are all security issues fixed in the kernel-devel-7.0.11-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-6692
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' functions. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...
Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin
On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a vulnerable version, as the issue...
EUVD-2018-8171
Malware in sbrugna...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2122-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2122-1 advisory. - Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCA...
CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
PT-2023-3517
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.0.19; Redis versions prior to 6.2.12; Redis versions prior to 7.0.11. Description: The issue is related to insufficient input validation in the Redis database management system. Exploitation of this issue can allow a...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)
Summary: IBM Cúram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2021-4104 DESCRIPTION...
Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)
Summary: IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability, jsoup is susceptible to a denial of service attack caused by improper input validation. Vulnerability Details: CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...
ID Withdrawn
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. A memory leak vulnerability exists in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c in ImageMagick version 7.0.11-14. No details of the...
Design/Logic Flaw
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to...
CVE-2021-20309
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to...
IBM Cúram Social Program Management Cross-Site Request Forgery Vulnerability
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that supports the end-to-end social program delivery process. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management 7.0.9 and 7.0.11. An attacker coul...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the handling of a missing CSRFTOKEN: when the token does not exist, the program...
CVE-2018-14858
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spidertools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514...
REDCap SQL Injection Vulnerability
REDCap is a free, secure, web-based application sponsored by a multi-institutional consortium at Vanderbilt University, USA. It is designed to support data mining research. The file upload handler is one of its file upload components. A SQL injection vulnerability exists in the file upload handler in...
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload...
Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability - Linux
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability - Windows
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...