30 matches found
CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...
SUSE CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...
CVE-2026-24999
CVE-2026-24999 concerns WordPress plugin “Alma gateway for WooCommerce” (WordPress Alma plugin
CVE-2026-24126
CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...
CVE-2026-24126 Weblate has an argument injection in management console
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...
SUSE CVE-2026-25934
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...
GHSA-37CX-329C-33X3 go-git improperly verifies data integrity values for .idx and .pack files
Impact A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch...
DEBIAN-CVE-2026-25934
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...
CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...
PT-2026-7181
Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.16.5 Description go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly...
DEBIAN-CVE-2025-26619
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...
CMSimple 安全漏洞
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...
PT-2025-3467 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue in CMSimple is related to insufficient protection of internal data in the link validation function. This can be exploited by a remote attacker to obtain sensitive information via a crafted script...
PT-2025-3470 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue allows a user to read the CMS source code by manipulating the file name in the file parameter of a GET request. This is due to incorrect restriction of the path name to a directory with limited...
WordPress plugin Abandoned Cart Lite for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Vilo Mesh WiFi System 访问控制错误漏洞
Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from a lack of authentication and allows a remote, unauthenticated attacker to retrieve logs using a sensitive system...
Vilo 5 Mesh WiFi System 安全漏洞
Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a buffer overflow vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code via an...
Vilo Mesh WiFi System 安全漏洞
Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a directory traversal vulnerability that could allow a remote, unauthenticated attacker to enumerate the existence and...
CVE-2024-6339
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-37135
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable applicatio...