9 matches found
CVE-2026-27468
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...
Security Bulletin: MANTA Automated Data Lineage for IBM Cloud Pak for Data is vulnerable to Critical Security Vulnerability in React Server Components CVE-2025-55182
Summary MANTA Automated Data Lineage for IBM Cloud Pak for Data is affected by React Server Components CVE-2025-55182. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.5.0 - Missing Authorization to Donation Update vulnerability
Missing Authorization to Donation Update vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions <= 4.5.0...
abs-auth-rbac-core (>=0.1.15 <=0.5.4), airdot (>=0.3.0b0 <=0.6.0b0) +45 more potentially affected by CVE-2023-28858 via redis (>=4.5.0 <=4.5.2)
redis PYPI version =4.5.0, =0.1.15, =0.3.0b0, =23.2.9, =1.1.87, =0.0.25, =1.1.0, =1.0.0, =0.13.0, =1.0.0, =0.3.0, =4.7.0, =4.7.3 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...
SUSE CVE-2010-2575
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via ...
WAGO M&M Software fdtCONTAINER (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
CVE-2017-18094
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured fi...
Creative X-Cart Cross-Site Scripting Vulnerability
Creative X-Cart is open source PHP e-commerce software from the Russian company Creative. The software provides favorites, order records and inventory management modules. A cross-site scripting vulnerability exists in Creative X-Cart 4.5.0 and earlier versions. A remote attacker can exploit this...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...