16 matches found
Fedora 43 : moby-engine (2026-0feb6e4967)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0feb6e4967 advisory. - Update to release v29.6.0 - Resolves: rhbz2490590 - Resolves CVE-2026-39828: rhbz2489945 - Resolves CVE-2026-39829: rhbz2490099 - Resolves...
CVE-2026-43881
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...
CVE-2026-47694
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...
CVE-2026-43885
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...
PT-2026-43463
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description Certain components, including EpgParser.php and plugin/AI/receiveAsync.json.php, fail to utilize the $resolvedIP out-parameter of the isSSRFSafeURL function for DNS pinning via CURLOPT RESOLVE...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete XSS repairs in the ParsedownSafeWithLinks class, as well as the lack of coverage for...
EUVD-2026-19176
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...
CVE-2025-46598
Bitcoin Core through 29.0 allows a denial of service via a crafted transaction...
CVE-2025-54605
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption issue 2 of 2...
CVE-2025-54604
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption issue 1 of 2...
Bitcoin Core 安全漏洞
Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core version 29.0 and earlier, which stems from uncontrolled resource consumption...
CVE-2025-54604
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption issue 1 of 2...
CVE-2025-54605
CVE-2025-54605 affects Bitcoin Core up to version 29.0, with an issue described as Uncontrolled Resource Consumption. The connected documents consistently state the vulnerability outcome but do not provide concrete exploit paths, affected subcomponents, or a confirmed fix/patch version. The impac...
WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link: https://codecanyon.net/item/woocommerce-customers-manager/10965432 Version: 29.4 Tested on: Ubuntu 22.04 CVE: CVE-2024-0399 SQL Injection Th...
IBM Spss Statistics 加密问题漏洞
IBM Spss Statistics is a software package from International Business Machines IBM, Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
UBUNTU-CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...