16 matches found
openwebui-token-tracking (>=0.1.7 <=0.1.10), sillikalm (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-44553 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44553 Source advisory: SNYK:PYTHON-OPENWEBUI-16599150...
WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Silencesoft RSS Reader versions <= 0.6...
WordPress Silencesoft RSS Reader plugin <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion vulnerability
Cross-Site Request Forgery to RSS Feed Deletion vulnerability discovered by Nabil Irawan in WordPress Plugin Silencesoft RSS Reader versions <= 0.6...
WordPress plugin Get Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-4563 · Unknown · Ics Button
Name of the Vulnerable Software and Affected Versions: ICS Button versions 0.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables attackers to inject malicious...
WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Add image to Post versions <= 0.6...
WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin SC filechecker versions <= 0.6...
PT-2024-10728 · Hiveos · Hiveos
Name of the Vulnerable Software and Affected Versions: HiveOS versions 0.6-102@191212 and earlier Description: The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as SSH host keys are baked into the installation image. The vendor...
PT-2022-11686 · Unknown · Cronvel Tree-Kit
Name of the Vulnerable Software and Affected Versions: cronvel tree-kit versions up to 0.6.x Description: A problematic vulnerability has been found, affecting an unknown part of the software. The issue leads to improperly controlled modification of object prototype attributes, also known as...
cn.acooly:acooly-auth-google-authenticator (=5.2.1), cn.acooly:acooly-auth-parent (=5.2.1) +238 more potentially affected by CVE-2019-1010206 via com.github.kevinsawicki:http-request (>=0.6 <=6.0)
com.github.kevinsawicki:http-request MAVEN version =0.6, =6.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.kevinsawicki:http-request and may be impacted: - cn.acooly:acooly-auth-google-authenticator =5.2.1 - cn.acooly:acooly-auth-parent...
PT-2022-18852 · Jenkins · Jenkins Sitemonitor Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SiteMonitor Plugin version 0.6 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because URLs of sites to monitor in tooltips are not properly escaped, allowing attackers with...
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service which becomes unresponsive after this flaw is triggered.
...
UBUNTU-CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...
Budabot Denial of Service Vulnerability
Budabot is an online communication system. A security vulnerability exists in modules/HELPBOTMODULE in Budabot versions 0.6 through 4.0, which stems from the program's failure to perform strict syntax checking. An attacker can exploit the vulnerability to inject commands and cause a denial of...
Piwik 0.5.5 - 'form_url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39144/info Piwik is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
DEBIAN-CVE-2006-3379
Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case...