PT-2025-51084

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle rest pre dispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers...

JLSEC-2025-317 A vulnerability was found in LibTIFF up to 4.7.0

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2025-2421)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-40110 · Amazon · Cloudwatch +2

Name of the Vulnerable Software and Affected Versions: SageMaker Training Toolkit versions 4.7.0 through 4.7.4 Description: The issue concerns the logging of authorization tokens for CodeArtifact in log files when the CodeArtifact capability is enabled. These tokens have an expiration of 12 hours...

PT-2022-6688 · Netbotz 4 · Netbotz 4

Name of the Vulnerable Software and Affected Versions: NetBotz 4 versions 4.7.0 and prior Description: A vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. This issue is related to improper...

PT-2020-15408 · Jenkins · Jenkins Echarts Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the display name of the builds in the trend chart. This can be exploited by use...

PT-2020-15407 · Jenkins · Jenkins Echarts Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the parser identifier when rendering charts. This can be exploited by users wit...

CVE-2017-2166

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

WordPress REST API content injection vulnerability

1.漏洞信息： WordPress是一个以PHP和MySQL为平台的自由开源的博客软件和内容管理系统。在4.7.0版本后，REST API插件的功能被集成到WordPress中,由此也引发了一些安全性问题。近日，一个由REST API引起的影响WorePress4.7.0和4.7.1版本的漏洞被披露，该漏洞可以导致WordPress所有文章内容可以未经验证被查看，修改，删除，甚至创建新的文章，危害巨大。 2.漏洞影响版本： WordPress 4.7.0 WordPress 4.7.1 3.复现环境: Apache2.4 PHP 7.0 WordPress 4.7.1 4.复现过程:...

Holes in Actinic E-commerce services.

http://www.actinic.com http://www.actinic.co.uk/ http://www.actinic-europe.com/ Versions : 4.7.0 & - With the files : bb|000|001|.pl ca| |002| os| |003| sh| |004| ss| |005| | |006| | |007| | |009| | |010| | |011| | |012| | |020| | |036| | |045| | |046| | |137| | |143| | |410| referrer.pl...