Astra Linux - vulnerability in jruby
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...
DEBIAN-CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...
CVE-2026-27042
CVE-2026-27042 affects the WordPress NotificationX plugin (versions <= 3.2.1). The issue is described as a Missing Authorization vulnerability due to incorrectly configured access control in NotificationX, enabling a broken/unauthorized access scenario. Public sources in the connected document...
PT-2026-20585
Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.2.2 Description The Library Management System plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the bid parameter is not...
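The snippet above describes the bug class (a request parameter reaching SQL without preparation) but not the code. The following is an added illustration, not the Library Management System plugin's own code: the parameter name `bid` follows the advisory, while the table name, handler names and the `$wpdb` usage are assumptions about how such a WordPress handler would look. It shows the raw-concatenation pattern beside the form WordPress provides for building the same query safely.

```php
<?php
// Added example: hypothetical WordPress handler, not the plugin's code.
// Table name and function names are assumptions; "bid" is the parameter
// named in the advisory.

// Vulnerable pattern: the raw request value is concatenated into the query,
// so a value such as "1 OR 1=1" or "1 UNION SELECT ..." is executed as SQL.
function lms_get_book_vulnerable( $wpdb ) {
    $bid = isset( $_GET['bid'] ) ? $_GET['bid'] : '';
    return $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}lms_books WHERE id = " . $bid
    );
}

// Hardened pattern: coerce the parameter to the type the query expects and
// let $wpdb->prepare() bind it, so it can only ever be an integer literal.
function lms_get_book_fixed( $wpdb ) {
    $bid = isset( $_GET['bid'] ) ? absint( $_GET['bid'] ) : 0;
    if ( 0 === $bid ) {
        return null; // missing or non-numeric id: nothing to look up
    }
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}lms_books WHERE id = %d",
            $bid
        )
    );
}
```

When reviewing a plugin for this bug class, grep for `$wpdb->query`, `get_row`, `get_results` and `get_var` calls whose SQL string contains interpolated `$_GET`, `$_POST` or `$_REQUEST` values without a surrounding `$wpdb->prepare()`; the `%d`/`%s` placeholders are the only safe way to get request data into the statement.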
WordPress plugin CashBill.pl – Płatności WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. WordPress...
CVE-2025-49052
Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through <= 3.2.1...
CVE-2024-56157
Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack. Affected software: iTop (web-based IT Service Management tool; Combodo). Root cause / vector: CSV import accepts unvalidated/m...
CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import
iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...
PT-2025-13577 · Leantime · Leantime
Name of the Vulnerable Software and Affected Versions: Leantime versions 3.2.1 and earlier Description: The issue allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in the processMentions function. This is a Cross Site Scripting...
WordPress Easy FAQs plugin <= 3.2.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Easy FAQs versions <= 3.2.1...
WordPress WP Dummy Content Generator Plugin <= 3.2.1 is vulnerable to Arbitrary Code Execution
Software: WP Dummy Content Generator; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.3.0; OWASP Top 10: A6: Vulnerable and Outdated Components; Classification: Arbitrary Code Execution; CVE: CVE-2024-32599; Patch priority: Low; CVSS severity: Low 10; Developer: Deepak Anand; PSID: 517305868c49; Credits...
CVE-2024-31378
Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1...
PT-2024-24295 · Pdfcrowd · Save As Image Plugin
Name of the Vulnerable Software and Affected Versions: Save as Image plugin by Pdfcrowd versions 3.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHee Kang in WordPress Plugin Save as PDF versions <= 3.2.1...
OESA-2024-1217 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundati...
PT-2024-2330 · Academy Software Foundation +5 · Openexr +5
Name of the Vulnerable Software and Affected Versions: Academy Software Foundation OpenEXR image parsing library versions 3.2.1 and prior Description: The issue is caused by a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, leading to a...
CVE-2023-5334
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
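The entry above names the mechanism (shortcode attributes rendered without sanitization or escaping) but shows no code. The following is an added illustration and not the plugin's own handler: the shortcode name follows the advisory, while the attribute names, the generated markup and the function names are assumptions. It places the unescaped handler beside one that validates each attribute and escapes it for the HTML attribute context it lands in.

```php
<?php
// Added example: hypothetical shortcode handler, not the plugin's code.
// Attribute names, markup and function names are assumptions.

// Vulnerable pattern: attributes written by any user who can author a post
// (e.g. a Contributor) are dropped straight into HTML attribute values, so
// title="x" onmouseover="..." survives into the rendered page for every visitor.
function sp_responsiveslider_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'width' => '100%', 'title' => '' ),
        $atts,
        'sp_responsiveslider'
    );
    return '<div class="sp-slider" style="width:' . $atts['width'] . '"'
         . ' title="' . $atts['title'] . '"></div>';
}

// Hardened pattern: constrain each attribute to the values it may take, then
// escape for the exact output context (HTML attribute) at the point of output.
function sp_responsiveslider_fixed( $atts ) {
    $atts = shortcode_atts(
        array( 'width' => '100%', 'title' => '' ),
        $atts,
        'sp_responsiveslider'
    );
    // Only accept a plain CSS length such as "100%" or "640px"; anything
    // else (including attempts to break out of the style attribute) falls
    // back to the default.
    $width = preg_match( '/^\d{1,4}(px|%)$/', $atts['width'] )
        ? $atts['width']
        : '100%';
    $title = sanitize_text_field( $atts['title'] );
    return '<div class="sp-slider" style="width:' . esc_attr( $width ) . '"'
         . ' title="' . esc_attr( $title ) . '"></div>';
}

// add_shortcode( 'sp_responsiveslider', 'sp_responsiveslider_fixed' );
```

The escaping function must match the sink: `esc_attr()` for attribute values, `esc_html()` for text nodes, `esc_url()` for href/src, and `wp_kses_post()` where limited markup is intended. Sanitizing on input alone is not enough, because a value that is safe as text can still be unsafe inside an attribute or a `style` declaration.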
PT-2023-7482 · Cubefs · Cubefs
Name of the Vulnerable Software and Affected Versions: CubeFS versions 3.2.1 and earlier Description: The issue is related to incorrect permission assignment for a critical resource in CubeFS, a cloud data storage system. This can allow a remote attacker to gain unauthorized access to the device...
SUSE CVE-2014-8595
arch/x86/x86emulate/x86emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction...
PYSEC-2022-236
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...