17 matches found
CVE-2026-7179
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
CVE-2025-67964
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS. This issue affects Homey Core: from n/a through <= 2.4.3...
CVE-2025-13183 Stored XSS in Hotech's Otello
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4...
EUVD-2025-203246
The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery. This issue affects Ultimate FAQ: from n/a through <= 2.4.3...
CVE-2025-61136
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVERNAM...
RTSPtoWeb security vulnerability
RTSPtoWeb is an RTSP to Web converter by the individual developer Andrey Semochkin. A security vulnerability exists in RTSPtoWeb version 2.4.3, which stems from the lack of an authentication mechanism and could lead to the disclosure of sensitive information and the execution of arbitrary code...
WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin WooCommerce Store Toolkit versions <= 2.4.3...
QNAP Systems QuRouter security vulnerability
QNAP Systems QuRouter is a router management system from China Weilian Technology QNAP Systems. A security vulnerability exists in QNAP Systems QuRouter prior to version 2.4.3.103, which stems from the inclusion of an operating system command injection vulnerability...
CVE-2024-29092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3...
PT-2023-15057 · Unknown · Kodex Posts Likes Plugin
Name of the Vulnerable Software and Affected Versions: Kodex Posts likes plugin versions = 2.4.3. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
AZL-7160 CVE-2022-22826 affecting package expat for versions less than 2.4.3-1
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
DEBIAN-CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
PT-2022-1586 · Expat +12 · Expat +12
Name of the Vulnerable Software and Affected Versions: Expat (aka libexpat) versions prior to 2.4.3. Description: The issue is related to an integer overflow in the lookup function of the xmlparse.c file in the Expat library. This can potentially allow a remote attacker to cause a denial of service...
PYSEC-2021-305
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
CVE-2019-1678
A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces...
CVE-2018-2792
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...