12 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.22 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
PT-2026-44214
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-30329
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.18 security and extras update
Red Hat OpenShift Container Platform release 4.20.18 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...
UBUNTU-CVE-2025-13151
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...
CVE-2024-52588
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery SSRF. This issue has been patched in version 4.25.2...
CVE-2024-8872
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2023-32393 · WordPress · Word Balloon
Name of the Vulnerable Software and Affected Versions: Word Balloon WordPress plugin versions prior to 4.20.3 Description: The issue allows an unauthenticated attacker to trick a logged-in user into deleting arbitrary avatars by clicking a link, due to a lack of protection against CSRF attacks in...
systeminformation 操作系统操作系统命令注入漏洞
systeminformation is an Npm software library that can obtain operating system information. An operating system command injection vulnerability exists in systeminformation, which stems from a command injection vulnerability in systeminformation prior to version 4.26.2...
WonderLink Yomi-Search Cross-Site Scripting Vulnerability
WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...
CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the file package up to version 4.21 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...