17 matches found
CVE-2026-39079
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...
CVE-2026-5928
CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...
CowAgent 访问控制错误漏洞
CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.4 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from the absence of authentication in the Agent Mode...
Unity Linux 20.1070a Security Update: glibc (UTSA-2026-007101)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007101 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a...
SUSE CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
WordPress plugin PostmarkApp Email Integrator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in...
WordPress WC Affiliate plugin < 2.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WC Affiliate versions 2.4...
WordPress plugin Category Post Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress plugin Simple Giveaways 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Magento is affected by an improper input validation vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...
webTareas SQL注入漏洞
webTareas is a web-based open source collaboration tool. The product supports project management, bug tracking, content management and meeting management. A SQL injection vulnerability exists in webTareas version 2.4p3 and earlier versions, which stems from the $uq parameter of...
Wireshark epan/dissectors/packet-isup.c file memory leak vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the epan/dissectors/packet-isup.c file in Wireshark...
Wireshark ui/failure_message.c file memory leak vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the ui/failuremessage.c file in Wireshark versions...
Wireshark FCP Protocol Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis.FCP protocol dissector is one of the FCP mesh channel protocol parsers. A securi...
DEBIAN-CVE-2018-7332
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length...
Apache Groovy Remote Code Execution Vulnerability
Apache Groovy is a JVM-based agile development language from the Apache Apache Software Foundation, which combines many of the powerful features of Python, Ruby and Smalltalk. A remote code execution vulnerability exists in Apache Groovy versions prior to 2.4.8. An attacker could exploit this...
PT-2001-2571 · Imatix · Xitami
Name of the Vulnerable Software and Affected Versions: Xitami versions 2.4 through 2.5 b4 Description: The issue allows remote attackers to gain privileges due to the storage of the Administrator password in plaintext in the default.aut file. The default permissions of this file are world-readabl...