21 matches found

Positive Technologies
added 2026/04/17 12:0 a.m. · 2 views

PT-2026-33404

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio rest pre insert import assets function, which is hooked to the rest pre insert post type filter for posts, pages, templates, and...

CVSS 5.3 · AI score 5.7 · EPSS 0.00018
Exploits: 0 · References: 9

Positive Technologies
added 2026/01/05 12:0 a.m. · 3 views

PT-2026-1267

Name of the Vulnerable Software and Affected Versions: WP Swings Wallet System for WooCommerce versions through 2.7.2. Description: A flaw exists in WP Swings Wallet System for WooCommerce that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent...

CVSS 6.3 · AI score 6.3 · EPSS 0.00035
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/09 12:0 a.m. · 2 views

PT-2025-15770 · Unknown · Wetterwarner

Name of the Vulnerable Software and Affected Versions: Wetterwarner versions n/a through 2.7.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject...

CVSS 5.9 · AI score 6.3 · EPSS 0.01017
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/05 12:54 p.m. · 8 views

CVE-2024-43282

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2...

CVSS 7.6 · AI score 7.5 · EPSS 0.0038
Exploits: 0

Positive Technologies
added 2024/11/01 12:0 a.m. · 4 views

PT-2024-30371 · Bitly · Bitly

Name of the Vulnerable Software and Affected Versions: Bitly versions n/a through 2.7.2 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 2.7.2, update to a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00125
Exploits: 0 · References: 3

Positive Technologies
added 2024/08/18 12:0 a.m. · 4 views

PT-2024-30447 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions through 2.7.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. To stay secure, it is...

CVSS 7.6 · AI score 7.8 · EPSS 0.0038
Exploits: 0 · References: 9

Patchstack
added 2024/07/10 9:16 a.m. · 2 views

WordPress GutSlider – All in One Block Slider plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin GutSlider – All in One Block Slider versions <= 2.7.2...

CVSS 6.5 · AI score 6.1 · EPSS 0.00155
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2023/10/10 12:0 a.m. · 2 views

PT-2023-17692 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier; Harbor versions 2.7.2 and earlier; Harbor versions 2.8.2 and earlier; Harbor versions 1.10.17 and earlier. Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...

CVSS 6.5 · AI score 6.8 · EPSS 0.00298
Exploits: 1 · References: 13

Positive Technologies
added 2023/06/22 12:0 a.m. · 3 views

PT-2023-8462 · Ibm +4 · Ibm Spectrum Fusion Hci +4

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 Description: The issue is related to improper bucket access in the RGW service of the Ceph data storage system. It allows an attacker to perform unauthorized actions by exploiting the lack ...

CVSS 9.8 · AI score 6.6 · EPSS 0.07589
Exploits: 1 · References: 61

NCSC
added 2023/04/25 12:0 a.m. · 4 views

Vulnerability fixed in Rancher

A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism to upgrade from versions 2.6.x and 2.7.x to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...

CVSS 9.9 · AI score 7.2 · EPSS 0.00366
Exploits: 0

SUSE CVE
added 2023/02/15 3:26 a.m. · 3 views

SUSE CVE-2022-29196

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...

CVSS 5.5 · AI score 5.5 · EPSS 0.00056
Exploits: 1 · References: 3

OSV
added 2021/01/13 5:15 p.m. · 8 views

CVE-2020-15221

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2021/01/13 5:15 p.m. · 7 views

CVE-2020-15220

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0...

CVSS 6.1 · AI score 6.1 · EPSS 0.002
Exploits: 0 · References: 1

Prion
added 2021/01/13 5:15 p.m. · 11 views

Design/Logic Flaw

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0...

CVSS 3.5 · AI score 5.1 · EPSS 0.00282
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/01/13 5:15 p.m. · 11 views

Design/Logic Flaw

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0...

CVSS 4 · AI score 5 · EPSS 0.00199
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/01/13 5:15 p.m. · 12 views

Design/Logic Flaw

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after disconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0...

CVSS 3.5 · AI score 6.5 · EPSS 0.0023
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/01/13 12:0 a.m. · 2 views

Combodo iTop SQL injection vulnerability

Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A SQL injection vulnerability exists in Combodo iTop versio...

CVSS 4.3 · AI score 5.8 · EPSS 0.00199
Exploits: 0 · References: 2

Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-9740 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2; Combodo iTop versions prior to 3.0.0. Description: The issue concerns a web-based IT Service Management tool where two cookies are created for the same session, potentially allowing user session theft...

CVSS 9.8 · AI score 7.1 · EPSS 0.20737
Exploits: 12 · References: 63

CNVD
added 2020/06/10 12:0 a.m. · 7 views

WordPress SportsPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress SportsPress versions prior to 2.7.2. The...

CVSS 5.4 · AI score 6.2 · EPSS 0.00162
Exploits: 1 · References: 1

PyPA
added 2020/04/14 11:15 p.m. · 4 views

PYSEC-2020-152

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVSS 6.8 · AI score 5.8 · EPSS 0.00356
Exploits: 1 · References: 3 · Affected Software: 1